ZOC Terminal Denial-of-Service Vulnerability via Malicious REXX Script

A denial-of-service vulnerability has been identified in ZOC Terminal version 7.25.5. This issue arises from the application's script processing capabilities, which can be exploited by local attackers. By loading a crafted REXX script file containing 20,000 repeated characters, attackers can cause the application to crash, leading to a service disruption.

Impact

Exploitation of this vulnerability causes the application to crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first create a REXX script file named 'ZOC_7.25.5_Script.zrx' containing 20,000 repeated characters. This can be done using a Python script that writes the repeated characters into a file. Once the file is created, open ZOC Terminal and select 'Script > Start REXX Script...'. Then, choose the 'ZOC_7.25.5_Script.zrx' file and click 'open'. The application will crash upon loading the script.