10-Strike LANState Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in 10-Strike LANState version 8.8. This vulnerability arises from improper structured exception handling, which allows local attackers to execute arbitrary code. The issue can be exploited by creating a malicious LSM map file containing a payload in the ObjCaption parameter. When this file is opened in the application, the crafted payload overflows the buffer, overwrites the exception handling chain, and executes the embedded shellcode.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced by opening the application and loading a specially crafted LSM file. This file should contain a payload that exploits the buffer overflow by overwriting the structured exception handling chain. After the file is opened, the injected shellcode will be executed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.