MegaPing Local Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A local buffer overflow vulnerability has been identified in MegaPing versions through 1.0. It allows a local attacker to cause a denial-of-service condition by crashing the application. The issue arises when an oversized payload is entered into the Destination Address List field of the Finger function. Exploitation involves pasting a crafted buffer that exceeds the expected input limits into the vulnerable field and then clicking the Start button, which crashes the application.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.

Reproduction

To reproduce this vulnerability, first create a text file named 'Evil.txt' containing a buffer of approximately 8000 bytes. After the file is created, open MegaPing and select the 'Finger' option from the left sidebar. Then, paste the contents of 'Evil.txt' into the 'Destination Address List' field. Finally, click the 'Start' button, which will result in the application crashing.
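An added example (not MegaPing's code, whose internals this advisory does not describe) of the input handling whose absence produces this class of crash: every entry of a destination list is length-checked before it is copied into fixed-size storage, and an oversized field is rejected as a whole. The names parse_dest_list and struct dest_list, the separator set and the 64-entry cap are assumptions; 253 is the maximum length of a DNS name in text form.

```c
#include <stdio.h>
#include <string.h>

#define MAX_HOST_LEN 253  /* longest DNS name in text form */
#define MAX_HOSTS    64   /* assumed cap on list entries (hypothetical) */

enum parse_result { PARSE_OK, PARSE_ENTRY_TOO_LONG, PARSE_TOO_MANY, PARSE_BAD_ARG };

/* Hypothetical parsed form of the field: fixed-size slots, so each copy needs a prior length check. */
struct dest_list {
    char   hosts[MAX_HOSTS][MAX_HOST_LEN + 1];
    size_t count;
};

static int is_sep(char c) { return c != '\0' && strchr(" ,;\t\r\n", c) != NULL; }

/* Split input[0..len) on separators. If any entry or the entry count exceeds
 * its limit, reject the whole field (count reset to 0); never truncate silently. */
enum parse_result parse_dest_list(const char *input, size_t len, struct dest_list *out)
{
    size_t i = 0;
    if (input == NULL || out == NULL) return PARSE_BAD_ARG;
    out->count = 0;
    while (i < len) {
        while (i < len && is_sep(input[i])) i++;   /* skip separators */
        size_t start = i;
        while (i < len && !is_sep(input[i])) i++;  /* find end of entry */
        size_t n = i - start;
        if (n == 0) break;                         /* only separators were left */
        if (n > MAX_HOST_LEN) { out->count = 0; return PARSE_ENTRY_TOO_LONG; }
        if (out->count == MAX_HOSTS) { out->count = 0; return PARSE_TOO_MANY; }
        memcpy(out->hosts[out->count], input + start, n);  /* n <= MAX_HOST_LEN */
        out->hosts[out->count][n] = '\0';
        out->count++;
    }
    return PARSE_OK;
}

int main(void)
{
    static struct dest_list dl;
    static char oversized[8000];                   /* constructed sample input */
    const char ok[] = "host-a.example, 192.0.2.10\n";  /* constructed sample input */
    memset(oversized, 'A', sizeof oversized);
    enum parse_result r = parse_dest_list(oversized, sizeof oversized, &dl);
    printf("8000-byte entry: result=%d entries=%zu\n", (int)r, dl.count);
    r = parse_dest_list(ok, strlen(ok), &dl);
    printf("valid list: result=%d entries=%zu\n", (int)r, dl.count);
    return 0;
}
```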

Added: Mar 26, 2026, 2:38 PM
Updated: Mar 26, 2026, 2:38 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.