xwpe Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in xwpe versions through 1.5.30a-2.1. It allows local attackers to execute arbitrary code by supplying input strings longer than the destination buffer. Exploitation uses a crafted command-line argument consisting of 262 bytes of junk data followed by shellcode; the overflow overwrites the instruction pointer, potentially leading to code execution or a denial-of-service condition.
Impact
Successful exploitation of this vulnerability allows arbitrary code execution in the context of the application. Failed exploitation attempts result in a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by running xwpe with a command-line argument that includes 262 bytes of junk data followed by shellcode. The junk data overwrites the buffer, and the shellcode is executed once the instruction pointer is redirected. This can be automated with a Python script that generates the payload and launches it via the command line.
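The defect class described above and the bounds check that prevents it, as an added example in C. It is not xwpe's source code: `NAME_BUF`, `bounded_len`, `store_name_checked` and `first_oversized_arg` are hypothetical names, and the buffer size is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not give xwpe's real buffer size. */
#define NAME_BUF 256

/* Length of s, reading at most max bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Defect class (hypothetical, not xwpe source): strcpy(name, argv[1]) into
 * char name[NAME_BUF] writes past the array when the argument is longer.
 * Hardened form: measure first, reject what does not fit, never truncate. */
int store_name_checked(char *dst, size_t dstsz, const char *arg)
{
    if (dst == NULL || arg == NULL || dstsz == 0)
        return -1;
    size_t n = bounded_len(arg, dstsz);
    if (n >= dstsz)                 /* no room for the terminating NUL */
        return -1;
    memcpy(dst, arg, n + 1);        /* n + 1 <= dstsz, NUL included */
    return 0;
}

/* Pre-flight check: index of the first oversized argument, 0 if none. */
int first_oversized_arg(int argc, char **argv, size_t dstsz)
{
    for (int i = 1; i < argc; i++)
        if (bounded_len(argv[i], dstsz) >= dstsz)
            return i;
    return 0;
}

int main(int argc, char **argv)
{
    char name[NAME_BUF];
    int bad = first_oversized_arg(argc, argv, sizeof name);
    if (bad) {
        fprintf(stderr, "argument %d does not fit in %zu bytes\n", bad, sizeof name);
        return 2;
    }
    if (argc > 1 && store_name_checked(name, sizeof name, argv[1]) == 0)
        printf("accepted: %s\n", name);
    return 0;
}
```

Rejecting the argument outright, rather than truncating it, keeps the program from silently operating on a different file name than the one supplied.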
