# TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability
#
#
# Vendor: TECO Electric and Machinery Co., Ltd.
# Product web page: http://www.teco-group.eu
# Affected version: 2.1
#
# Summary: TP3-PCLINK Software is the supportive software for TP03, providing
# three edit modes as LADDER, IL, FBD and SFC, by which programs can be input
# rapidly and correctly.
#
# Desc: The vulnerability is caused due to a boundary error in the processing
# of a project file, which can be exploited to cause a buffer overflow when a
# user opens e.g. a specially crafted .TPC file. Successful exploitation could
# allow execution of arbitrary code on the affected machine.
#
# ---------------------------------------------------------------------------------
# (794.193c): C++ EH exception - code e06d7363 (first chance)
# Critical error detected c0000374
# (794.193c): Break instruction exception - code 80000003 (first chance)
# eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141
# eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0 nv up ei pl nz na po nc
# cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200202
# ntdll!RtlpNtEnumerateSubKey+0x1af8:
# 7794e725 cc int 3
# ---------------------------------------------------------------------------------
#
# Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit
#            Microsoft Windows 7 Ultimate SP1 (EN) 64bit
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2015-5277
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5277.php
#
#
# 09.10.2015
#

PoC:

- http://zeroscience.mk/codes/tp3tpc-5277.zip
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38702.zip
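
A crash-triage sketch for the debugger output quoted in the advisory, added here as an example and not part of the original advisory: it decodes the status codes and flags registers that hold a repeated printable filler byte. The function names are hypothetical; the dump text is copied from the advisory.

```python
import re

# Debugger output copied from the advisory (register and exception lines only).
DUMP = """\
(794.193c): C++ EH exception - code e06d7363 (first chance)
Critical error detected c0000374
(794.193c): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141
eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0 nv up ei pl nz na po nc
"""

# Well-known Windows exception / NTSTATUS values seen in this dump.
CODES = {
    0xE06D7363: "MSVC C++ exception",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0x80000003: "STATUS_BREAKPOINT",
}
REGS = ("eax", "ebx", "ecx", "edx", "esi", "edi", "eip", "esp", "ebp")

def parse_dump(text):
    """Return (exception codes in order of appearance, {register: value})."""
    codes = [int(c, 16) for c in re.findall(
        r"(?:code|Critical error detected)\s+([0-9a-fA-F]{8})\b", text)]
    regs = {name: int(val, 16) for name, val in re.findall(
        r"\b(%s)=([0-9a-fA-F]{8})\b" % "|".join(REGS), text)}
    return codes, regs

def filler_registers(regs):
    """Registers whose four bytes are one repeated printable ASCII byte."""
    hits = []
    for name, val in regs.items():
        b = val.to_bytes(4, "little")
        if len(set(b)) == 1 and 0x20 <= b[0] <= 0x7E:
            hits.append(name)
    return sorted(hits)

def triage(text):
    codes, regs = parse_dump(text)
    fillers = filler_registers(regs)
    return {
        "events": [CODES.get(c, hex(c)) for c in codes],
        "heap_corruption": 0xC0000374 in codes,  # heap manager detected damage
        "filler_regs": fillers,                  # file-derived data in registers
        "pc_is_filler": "eip" in fillers,        # False here: stopped at int 3
    }

if __name__ == "__main__":
    print(triage(DUMP))
```

On this dump the result shows the heap manager's corruption check firing (c0000374) with `edi` holding `41414141`, while `eip` still points into ntdll at the break instruction.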