Faleemi Desktop Software for Windows - (DDNS/IP) Local Buffer Overflow

Vuln Description:
Faleemi Desktop Software for Windows and its Beta version (Faleemi Plus Desktop Software for Windows (Beta)) are vulnerable to a buffer overflow. When overly long input is supplied to the DDNS/IP parameter, it overflows the buffer and corrupts EIP, which can be leveraged for local arbitrary code execution. If the software is running as admin and a low-privileged user has access to the application to enter a new device, that user can exploit the buffer overflow in the DDNS/IP parameter to obtain admin privileges. An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
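
One way to close this class of overflow on the input side, as an added example that is not part of the original advisory and not the vendor's code: a hypothetical `set_device_host` handler that validates and bounds a DDNS/IP string before copying it into a fixed-size buffer. The function name, buffer size and sample input are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HOST_MAX  253  /* longest DNS name in text form */
#define LABEL_MAX 63   /* longest single DNS label */

/* Hypothetical handler for a "DDNS/IP" form field (not the vendor's code).
 * Accepts only letters, digits, '-' and '.', enforces DNS length limits and
 * the destination size, then copies. Returns 0 on success, -1 on rejection;
 * dst is left as an empty string when the input is rejected. */
int set_device_host(char *dst, size_t dst_len, const char *input)
{
    size_t i, label = 0;

    if (dst == NULL || dst_len == 0)
        return -1;
    dst[0] = '\0';
    if (input == NULL)
        return -1;
    for (i = 0; input[i] != '\0'; i++) {
        unsigned char c = (unsigned char)input[i];
        /* Stop as soon as the input cannot fit: i + 1 chars plus the NUL. */
        if (i >= HOST_MAX || i + 1 >= dst_len)
            return -1;
        if (c == '.') {
            if (label == 0)          /* leading dot or ".." */
                return -1;
            label = 0;
        } else if ((c < 128 && isalnum(c)) || c == '-') {
            if (++label > LABEL_MAX)
                return -1;
        } else {
            return -1;               /* spaces, control bytes, non-ASCII */
        }
    }
    if (label == 0)                  /* empty input or trailing dot */
        return -1;
    memcpy(dst, input, i);           /* i + 1 <= dst_len holds here */
    dst[i] = '\0';
    return 0;
}

int main(void)
{
    char host[64];                   /* constructed sample buffer size */
    printf("%d\n", set_device_host(host, sizeof host, "cam1.example.net"));
    return 0;
}
```

The length check runs per character, so an oversized field is rejected before any byte is written to the destination.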

Vulnerable Application Info:
1. Faleemi Desktop Software for Windows
URL: http://support.faleemi.com/fsc776/Faleemi_v1.8.exe

2. Faleemi Desktop Software for Windows (Beta)
URL: http://support.faleemi.com/fsc776/Faleemi_Plus_v1.0.2.exe

After hitting enter new device, click Enter device manually

