Iperius Backup Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in Iperius Backup version 5.8.1. This vulnerability arises from the structured exception handling (SEH) mechanism, allowing local attackers to execute arbitrary code by providing a malicious file path. Exploitation involves creating a backup job with a crafted payload in the external file location field, which triggers the buffer overflow when the job is executed. This exploitation enables code execution with the application's privileges.
Impact
Exploitation of this vulnerability leads to a local buffer overflow, allowing for arbitrary code execution with the privileges of the application.
Reproduction
To reproduce this vulnerability, create a backup job in Iperius Backup 5.8.1. In the 'External File Location' field, enter a crafted file path that exploits the buffer overflow vulnerability. Once the backup job is created, execute it. The application will crash, indicating that the buffer overflow has been successfully exploited.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.