Nsasoft Nsauditor Buffer Overflow Vulnerability in DNS Lookup Tool Allows Arbitrary Code Execution
Vulnerability
A structured exception handling (SEH) based buffer overflow has been identified in Nsasoft Nsauditor version 3.0.28.0. The vulnerability allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Exploitation involves crafting a payload that overwrites the SEH chain and injects shellcode via the DNS Query field, resulting in code execution with the application's privileges.
Impact
Exploitation of this vulnerability leads to a local privilege escalation, allowing attackers to execute arbitrary code with application privileges.
Reproduction
To reproduce this vulnerability, first create a payload that exploits the buffer overflow by overwriting the SEH chain. This can be done using a Python script that generates a payload with the appropriate length and content, including the shellcode. Save this payload into a text file. Then, open Nsauditor and navigate to the 'Tools' menu, selecting 'DNS Lookup'. Paste the payload from the text file into the 'DNS Query' field and click 'Resolve'. The injected shellcode can then be executed by connecting to the application on the specified port using a tool like Netcat.
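The overflow depends on the DNS Query field accepting input of arbitrary length and content. The following added example (not Nsauditor's code and not part of the original advisory) shows the defensive counterpart: a query name is checked against the RFC 1035 length limits and a hostname character set before it is copied into a fixed-size buffer. The function name `copy_dns_query`, the buffer sizes and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DNS_NAME_MAX  253  /* RFC 1035 limit for a full name, text form */
#define DNS_LABEL_MAX 63   /* RFC 1035 limit for one label */

/* ASCII letters, digits, hyphen, underscore; independent of locale. */
static int is_label_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_';
}

/* Hypothetical helper: validate a user-supplied query name, then copy it.
 * Returns 0 on success, -1 on rejection; dst is an empty string on failure. */
int copy_dns_query(char *dst, size_t dst_size, const char *src)
{
    size_t len, label_len = 0;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    for (len = 0; src[len] != '\0'; len++) {
        unsigned char c = (unsigned char)src[len];
        /* Stop before the input can exceed the protocol limit or dst. */
        if (len >= DNS_NAME_MAX || len + 1 >= dst_size)
            return -1;
        if (c == '.') {
            if (label_len == 0)
                return -1;               /* leading dot or empty label */
            label_len = 0;
        } else if (!is_label_char(c) || ++label_len > DNS_LABEL_MAX) {
            return -1;                   /* binary data or oversized label */
        }
    }
    if (len == 0)
        return -1;
    memcpy(dst, src, len + 1);           /* len + 1 <= dst_size, checked above */
    return 0;
}
int main(void)
{
    char field[256], oversized[6001];    /* constructed sample input */
    memset(oversized, 'A', 6000); oversized[6000] = '\0';
    printf("%d %d\n", copy_dns_query(field, sizeof field, "example.com"),
           copy_dns_query(field, sizeof field, oversized));
    return 0;
}
```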
