Exploits / Vulnerability Discovered : 2018-10-01 |
Type : local |
Platform : windows_x86
This exploit / vulnerability Zahir enterprise plus 6 build 10b buffer overflow (seh) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
# Google Dork: -
# Date: 2018-09-28
# Exploit Author: modpr0be
# Vendor Homepage: http://www.zahiraccounting.com/
# Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip
# Version: 6 (build 10b) - Download here: http://zahirsoftware.com/zahirupdate/Zahir_SMB_6_Build10b%20-%20MultiUser.zip
# Tested on: Windows 7 x86/64bit
# CVE : N/A
# Category: local & privilege escalation
#
# Description
# Vulnerability occurs when the Zahir cannot handle large inputs and anomalies crafted CSV file.
# The Zahir main program failed to process the CR LF (Carriage Return Line Feed) characters which
# caused the Zahir main program to crash.
#
# Credits to f3ci, who found the vulnerability.
#
# Proof of Concept
#!/usr/bin/python