vendor:
Cain & Abel
by:
Encrypt3d.M!nd
7.5
CVSS
HIGH
Buffer Overflow
120 (Buffer Copy without Checking Size of Input)
CWE
Product Name: Cain & Abel
Affected Version From: 4.9.23
Affected Version To: 4.9.23
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008
Cain & Abel v4.9.23 (rdp file) Buffer Overflow PoC
When Using Remote Desktop Password Decoder in Cain and Importing '.rdp' file contains long Chars(ex:8250 chars), the Program Will crash. This Poc Will Gonna Overwrite the Pointer to next SEH With '42424242' and The SE Handler with '43434343'.
Mitigation:
Ensure that the size of the input is checked before copying it into a buffer.
