TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Exploit

2015-11-16T00:00:00
ID 1337DAY-ID-24546
Type zdt
Reporter LiquidWorm
Modified 2015-11-16T00:00:00

Description

TP3-PCLINK Software is the supportive software for TP03, providing three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input rapidly and correctly. The vulnerability is caused due to a boundary error in the processing of a project file, which can be exploited to cause a buffer overflow when a user opens e.g. a specially crafted .TPC file. Successful exploitation could allow execution of arbitrary code on the affected machine.

                                        
                                            #!/usr/bin/perl
#
#
# TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability
#
#
# Vendor: TECO Electric and Machinery Co., Ltd.
# Product web page: http://www.teco-group.eu
# Affected version: 2.1
#
# Summary: TP3-PCLINK Software is the supportive software for TP03, providing
# three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input
# rapidly and correctly.
#
# Desc: The vulnerability is caused due to a boundary error in the processing
# of a project file, which can be exploited to cause a buffer overflow when a
# user opens e.g. a specially crafted .TPC file. Successful exploitation could
# allow execution of arbitrary code on the affected machine.
#
# ---------------------------------------------------------------------------------
# (794.193c): C++ EH exception - code e06d7363 (first chance)
# Critical error detected c0000374
# (794.193c): Break instruction exception - code 80000003 (first chance)
# eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141
# eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0         nv up ei pl nz na po nc
# cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00200202
# ntdll!RtlpNtEnumerateSubKey+0x1af8:
# 7794e725 cc              int     3
# ---------------------------------------------------------------------------------
#
# Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit
#            Microsoft Windows 7 Ultimate SP1 (EN) 64bit
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#                             @zeroscience
#
#
# Advisory ID: ZSL-2015-5277
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5277.php
#
#
# 09.10.2015
#


PoC:

- http://zeroscience.mk/codes/tp3tpc-5277.zip

#  0day.today [2018-04-02]  #