KingScada AlarmServer 3.1.2.13 Buffer Overflow

Discussion in 'News Aggregator' started by Packet Storm, 15 Sep 2017.

  1. Packet Storm

    Packet Storm Guest

    This Metasploit module exploits a stack-based buffer overflow found in KingScada versions prior to 3.1.2.13. The vulnerability is triggered when sending a specially crafted packet to the 'AlarmServer' (AEserver.exe) service listening on port 12401. During the parsing of the packet, the 3rd dword is used as a size value for a memcpy operation, which leads to an overflowed stack buffer.
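The bug class described in the post, a size field taken from the packet and passed straight to memcpy, is closed by validating that field before copying. The following is an added example, not code from KingScada or from the Metasploit module: the 12-byte header, little-endian byte order, 256-byte destination and all names are assumptions, and only "the third dword is the copy size" comes from the post.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN     (3u * sizeof(uint32_t)) /* assumption: three dwords, size is the third */
#define MAX_PAYLOAD 256u                    /* assumption: capacity of the destination buffer */

enum parse_status { PARSE_OK = 0, PARSE_SHORT = -1, PARSE_TOO_BIG = -2, PARSE_TRUNCATED = -3 };

/* Read a little-endian dword byte by byte (no unaligned access). */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Copy the payload only after the attacker-controlled size field has been
 * checked against both the destination capacity and the bytes received. */
int parse_packet(const uint8_t *pkt, size_t pkt_len,
                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (pkt_len < HDR_LEN)
        return PARSE_SHORT;              /* header itself is incomplete */

    uint32_t claimed = rd_le32(pkt + 2 * sizeof(uint32_t)); /* third dword */

    if (claimed > out_cap)
        return PARSE_TOO_BIG;            /* would overflow the destination */
    if (claimed > pkt_len - HDR_LEN)
        return PARSE_TRUNCATED;          /* would read past the received data */

    memcpy(out, pkt + HDR_LEN, claimed);
    *out_len = claimed;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed sample: size field claims 0xFFFF bytes, only 4 are present. */
    const uint8_t pkt[16] = {0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 'A','B','C','D'};
    uint8_t out[MAX_PAYLOAD];
    size_t n = 0;
    printf("status=%d\n", parse_packet(pkt, sizeof pkt, out, sizeof out, &n));
    return 0;
}
```

Rejections of this kind (claimed size larger than the buffer or than the received data) are worth logging with the peer address, since well-formed clients should never trigger them.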
