###########################

# TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability

###########################

#!/usr/bin/perl
#
#
# TECO TP3-PCLINK 2.1 TPC File Handling Buffer Overflow Vulnerability
#
#
# Vendor: TECO Electric and Machinery Co., Ltd.
# Product web page: http://www.teco-group.eu
# Affected version: 2.1
#
# Summary: TP3-PCLINK Software is the supportive software for TP03, providing
# three edit modes as LADDER, IL ,FBDand SFC, by which programs can be input
# rapidly and correctly.
#
# Desc: The vulnerability is caused due to a boundary error in the processing
# of a project file, which can be exploited to cause a buffer overflow when a
# user opens e.g. a specially crafted .TPC file. Successful exploitation could
# allow execution of arbitrary code on the affected machine.
#
# ---------------------------------------------------------------------------------
# (794.193c): C++ EH exception - code e06d7363 (first chance)
# Critical error detected c0000374
# (794.193c): Break instruction exception - code 80000003 (first chance)
# eax=00000000 ebx=00000000 ecx=778f0b42 edx=0018db71 esi=02730000 edi=41414141
# eip=7794e725 esp=0018ddc4 ebp=0018de3c iopl=0 nv up ei pl nz na po nc
# cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00200202
# ntdll!RtlpNtEnumerateSubKey+0x1af8:
# 7794e725 cc int 3
# ---------------------------------------------------------------------------------
#
# Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit
# Microsoft Windows 7 Ultimate SP1 (EN) 64bit
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2015-5277
# Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5277.php
#
#
# 09.10.2015
#


PoC:

- http://zeroscience.mk/codes/tp3tpc-5277.zip

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2015-11-20]

###########################