Vendor: Filefuzzer
By: Sweet
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 400
Product Name: Filefuzzer
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3 (English) on VMware
2010

Filefuzzer Denial of service vulnerability

The Filefuzzer software is vulnerable to a denial of service attack. By setting up the application to fuzz the 'bkf' file type and executing the application with a modified argument, an attacker can cause the application to crash.

Mitigation:

Update the Filefuzzer software to a patched version that fixes the denial of service vulnerability.
Source

Exploit-DB raw data:

Exploit Title :Filefuzzer Denial of service vulnerability
Software : Filefuzzer
Software link :http://labs.idefense.com/software/fuzzing.php
Author : Sweet
Email : charif38@hotmail.fr
Date  : 5/11/2010
Tested on : WinXp sp3 eng | Vmware
Software detail: FileFuzz is a graphical Windows-based file format fuzzing tool developed by "IDefense Labs".
                 FileFuzz was designed to automate the launching of applications and detection of
                 exceptions caused by fuzzed file formats. Compiled under Microsoft .NET 2.0
Thx to : Inj3ct0r.com , shell-storm.org , exploit-db.com and 123 viva l'Algerie
POC
Set up the application to fuzz any kind of application you want; I just left everything at the default

in Create menu
File Type        : "bkf - ntbackup.exe"
Source file      : "C:\Program Files\FileFuzz\Attack\test.bkf"
Target Directory : "c:\fuzz\bkf\" #Create the directory if it doesn't exist

in Execute menu
Application      : "C:\WINDOWS\system32\ntbackup.exe"
Arguments        : by default it's "{0}"; change it to "{A}" and press Execute, which will cause the application to crash
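
The PoC above crashes FileFuzz by replacing the default "{0}" in Arguments with "{A}"; the page does not give the root cause. The following added example (not FileFuzz code and not part of the original advisory) assumes the template is expanded with .NET String.Format, and shows validating it and catching FormatException instead of letting it end the process. ArgumentTemplate, TryExpand and the sample file name are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example, not FileFuzz code. Assumption: the Arguments template is
// expanded with String.Format(template, filePath), so only index 0 is valid.
static class ArgumentTemplate
{
    // Matches a composite-format item such as {0}, {0,10} or {0:X}.
    static readonly Regex Item = new Regex(@"\{([0-9]+)(,[^{}:]*)?(:[^{}]*)?\}");

    // Returns true and the expanded string when the template is usable;
    // returns false with a reason instead of letting FormatException escape.
    public static bool TryExpand(string template, string filePath,
                                 out string result, out string error)
    {
        result = null;
        error = null;
        if (string.IsNullOrEmpty(template)) { error = "template is empty"; return false; }

        // Drop escaped braces, then well-formed items; any brace left is malformed.
        string stripped = template.Replace("{{", "").Replace("}}", "");
        string rest = Item.Replace(stripped, "");
        if (rest.IndexOf('{') >= 0 || rest.IndexOf('}') >= 0)
        { error = "malformed placeholder (expected {0})"; return false; }

        // Only one argument is supplied, so every item must use index 0.
        foreach (Match m in Item.Matches(stripped))
            if (m.Groups[1].Value.TrimStart('0') != "")
            { error = "placeholder index out of range: " + m.Value; return false; }

        // Last line of defence: report a formatting failure, do not crash.
        try { result = string.Format(template, filePath); return true; }
        catch (FormatException ex) { error = ex.Message; return false; }
    }

    static void Main()
    {
        string path = @"c:\fuzz\bkf\0.bkf"; // constructed sample file name
        foreach (string t in new string[] { "{0}", "/r {0}", "{A}", "{1}", "{0" })
        {
            string expanded, err;
            Console.WriteLine(TryExpand(t, path, out expanded, out err)
                ? "OK   " + t + " -> " + expanded
                : "FAIL " + t + " : " + err);
        }
    }
}
```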