Alloksoft Video Joiner Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in Alloksoft Video Joiner version 4.6.1217. This vulnerability allows local attackers to execute arbitrary code by entering a malicious string in the License Name field. The exploitation involves crafting a payload that overwrites the structured exception handler (SEH) and includes shellcode, which is executed when the application processes the license registration input.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, download and install Alloksoft Video Joiner version 4.6.1217 on a Windows XP Service Pack 3 system. After installation, run the application and enter a crafted payload in the License Name field that includes an SEH overwrite and shellcode. Fill in the License Code field with random characters and click 'Register'. The exploitation will succeed, and the Windows Calculator will open as a result of the executed shellcode.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.