AgataSoft Auto PingMaster Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in AgataSoft Auto PingMaster version 1.5. The issue resides in the Trace Route host name field, where local attackers can execute arbitrary code by exploiting structured exception handling. By crafting a malicious ping.txt file containing shellcode and jump instructions, attackers can overwrite the SEH handler pointer. This manipulation allows the execution of injected code when the file contents are pasted into the application.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, create a ping.txt file with shellcode and jump instructions designed to overwrite the Structured Exception Handling (SEH) handler pointer. Once the file is prepared, paste its contents into the Trace Route host name field within AgataSoft Auto PingMaster version 1.5. The application will execute the injected shellcode, demonstrating the buffer overflow vulnerability.