AbsoluteTelnet Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in AbsoluteTelnet version 11.24. This issue allows local attackers to crash the application by manipulating the DialUp connection and license name fields. Exploitation involves generating a 1000-character payload, which can be pasted into these specific input fields, causing the application to crash and terminate unexpectedly.

Impact

Exploitation of this vulnerability leads to a crash of the AbsoluteTelnet application, causing an unexpected termination of the program.

Reproduction

To reproduce this vulnerability, download and install AbsoluteTelnet version 11.24. After installation, a Python script can be used to create a text file containing a 1000-character payload. This file can then be used to populate the 'DialUp Connection' phone field, which will cause the application to crash. The same payload can be copied into the 'license name' field, which also triggers a crash.