RGui Buffer Overflow Vulnerability Allowing DEP Bypass and Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in RGui version 3.5.0, specifically in the GUI preferences dialog. Over-long input in the 'Language for menus and messages' field triggers a stack-based buffer overflow. Because the overflow reaches a Structured Exception Handling (SEH) record, an attacker can gain control of execution even with Data Execution Prevention (DEP) enabled: the overwritten handler pivots into a Return-Oriented Programming (ROP) chain that calls VirtualAlloc to obtain executable memory, ultimately leading to arbitrary code execution.
Impact
Successful exploitation of this stack-based buffer overflow bypasses DEP and allows arbitrary code execution with the privileges of the user running RGui.
Reproduction
To reproduce this vulnerability, open RGui 3.5.0 and navigate to the 'GUI preferences' dialog. Paste crafted input into the 'Language for menus and messages' field; this triggers the buffer overflow. Once the input is submitted, successful exploitation can be observed, for example by a payload that launches a program such as Calculator.
Remediation
Users are advised to update to RGui version 3.5.1 or later, where this vulnerability has been fixed.
