SC Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A stack-based buffer overflow vulnerability has been identified in SC version 7.16. This vulnerability allows local attackers to execute arbitrary code by providing oversized input that exceeds the buffer's boundaries. Specifically, input strings longer than 1052 bytes can be crafted to overwrite the instruction pointer, enabling the execution of shellcode within the application's context.
Impact
Successful exploitation results in arbitrary code execution in the context of the application. Failed exploit attempts cause a denial-of-service condition.
Reproduction
The vulnerability can be reproduced by using a local fuzzer to send input strings exceeding 1052 bytes to the SC application. The oversized input will cause a stack-based buffer overflow, allowing for the execution of arbitrary code by overwriting the instruction pointer with a crafted payload.
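The bug class described above, shown as an added example that is not SC's code and is not taken from the advisory: an unchecked copy beside a bounded one that rejects oversized input. The buffer size `FIELD_MAX`, the function names and the filler input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the advisory does not give SC's buffer size. */
#define FIELD_MAX 1024

enum copy_status { COPY_OK = 0, COPY_TOO_LONG = -1, COPY_BAD_ARG = -2 };

/* Pattern behind this bug class, shown for contrast and never called here:
 * the number of bytes written is decided by the input, not the destination. */
void copy_unchecked(char *dst, const char *src) {
    strcpy(dst, src);
}

/* Hardened form: the destination size is explicit, the input scan is bounded,
 * and oversized input is rejected rather than written or silently truncated. */
int copy_checked(char *dst, size_t dst_size, const char *src, size_t src_cap) {
    if (dst == NULL || src == NULL || dst_size == 0) return COPY_BAD_ARG;
    const char *nul = memchr(src, '\0', src_cap); /* never scans past src_cap */
    size_t len = nul ? (size_t)(nul - src) : src_cap;
    if (len >= dst_size) { dst[0] = '\0'; return COPY_TOO_LONG; }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return COPY_OK;
}

/* Constructed check: pass n filler bytes through copy_checked into a buffer
 * followed by guard bytes. Returns the copy status, or 1 if a guard changed. */
int probe_length(size_t n) {
    struct { char buf[FIELD_MAX]; unsigned char guard[8]; } frame;
    static char input[4096];
    if (n >= sizeof input) return COPY_BAD_ARG;
    memset(input, 'A', n);
    input[n] = '\0';
    memset(frame.guard, 0x5A, sizeof frame.guard);
    int status = copy_checked(frame.buf, sizeof frame.buf, input, sizeof input);
    for (size_t i = 0; i < sizeof frame.guard; i++)
        if (frame.guard[i] != 0x5A) return 1;
    return status;
}

int main(void) {
    size_t lengths[] = { 0, FIELD_MAX - 1, FIELD_MAX, 1053 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("%zu bytes -> %d\n", lengths[i], probe_length(lengths[i]));
    return 0;
}
```

With the bounded copy, an input longer than the destination returns an error the caller can handle, so it causes neither memory corruption nor a crash.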
