Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
2017-03-27 20:05:03[+] Title: Disk Sorter Server v9.5.12 - Local Stack-based buffer overflow
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="186f796b6b7471767d587f75797174367b7775">[email protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script> || https://www.linkedin.com/in/nassim-asrir-b73a57122/
[+] Author Company: Henceforth
[+] CVE: N/A
Vendor:
===============
http://www.disksorter.com/
Download:
===========
http://www.disksorter.com/setups/disksortersrv_setup_v9.5.12.exe
Vulnerability Type:
===================
local stack-based buffer overflow
POC:
===================
Launch the program click on :
1 - Server
2 - Connect
3 - and in the Share Name field inject (5000 "A") then the program crashed see the picture.
CVE Reference:
===============
N/A
Tested on:
===============
Windows 7
Win xp
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.