iSmartViewPro Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in iSmartViewPro version 1.5. This vulnerability resides in the 'Save Path for Snapshot and Record file' field within the System Setup interface. It allows local attackers to execute arbitrary code by inputting a crafted payload that exceeds 260 bytes. The overflow exploits a structured exception handling (SEH) vulnerability, enabling the execution of shellcode with application privileges.

Impact

Exploitation of this vulnerability allows for arbitrary code execution with the privileges of the application.

Reproduction

To reproduce this vulnerability, first create a payload that exploits the buffer overflow by overwriting the SEH records. This can be done using a Python script that generates a payload of 260 bytes, followed by the necessary bytes to manipulate the SEH stack. Once the payload is created, it should be saved to a text file. Open iSmartViewPro 1.5 and navigate to the 'System Setup' section. In the 'Save Path for Snapshot and Record file' field, paste the payload from the text file and click 'Save'. If successful, this will trigger the execution of the injected shellcode, such as opening the calculator application.