Faleemi windows desktop software (ddns/ip) local buffer overflow Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2018-03-30
Type: local
Platform: windows
This exploit / vulnerability, Faleemi windows desktop software (ddns/ip) local buffer overflow, is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
'''
Faleemi Desktop Software for Windows - (DDNS/IP) Local Buffer Overflow
Vuln Description:
Faleemi Desktop Software for Windows and its Beta version (Faleemi Plus Desktop Software for Windows (Beta)) are vulnerable to a buffer overflow. When overly long input is supplied to the DDNS/IP parameter, it overflows the buffer and corrupts EIP, which can be used for local arbitrary code execution. If the software is running as admin and a low-privileged user has access to the application to enter a new device, that user can exploit the buffer overflow in the DDNS/IP parameter to obtain admin privileges. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Vulnerable Application Info:
1. Faleemi Desktop Software for Windows
URL: http://support.faleemi.com/fsc776/Faleemi_v1.8.exe
2. Faleemi Desktop Software for Windows (Beta)
URL: http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe
After hitting enter new device, click Enter device manually
'''
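The flaw described above is an unbounded copy of the DDNS/IP field into a fixed-size buffer. The following is an added example, not code from the original page or from the vendor, showing how such a field can be validated and stored safely. The names `device_entry` and `set_device_host` and the size limits are assumptions for illustration, and the validator accepts only DNS hostnames and dotted IPv4 text.

```c
#include <stddef.h>
#include <string.h>

#define HOST_MAX  253  /* longest DNS name in text form; dotted IPv4 also fits */
#define LABEL_MAX 63   /* longest single DNS label */

/* Hypothetical record; the application's real buffer is not shown on the page. */
struct device_entry {
    char host[HOST_MAX + 1];
};

static int is_alnum_ascii(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z');
}

/* Validate a DDNS/IP field value and store it. Returns 0 on success and -1
 * on rejection; dst is modified only after the whole input has passed. */
int set_device_host(struct device_entry *dst, const char *input)
{
    size_t len = 0, label = 0;

    if (dst == NULL || input == NULL)
        return -1;
    for (; input[len] != '\0'; len++) {
        unsigned char c = (unsigned char)input[len];
        if (len >= HOST_MAX)
            return -1;              /* over-long input: reject, never truncate */
        if (c == '.') {
            if (label == 0 || input[len - 1] == '-')
                return -1;          /* empty label, or label ending in '-' */
            label = 0;
        } else if (is_alnum_ascii(c) || (c == '-' && label > 0)) {
            if (++label > LABEL_MAX)
                return -1;
        } else {
            return -1;              /* byte outside letters, digits, '-', '.' */
        }
    }
    if (label == 0 || input[len - 1] == '-')
        return -1;                  /* empty input, trailing '.', or trailing '-' */
    memcpy(dst->host, input, len);  /* len <= HOST_MAX, so the copy fits */
    dst->host[len] = '\0';
    return 0;
}
```

Rejecting over-long input outright, instead of truncating it, keeps the stored value identical to what the user typed and gives the UI a clear error to report.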