Prime95 Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in Prime95 version 29.8 build 6, specifically within the user ID input field. This vulnerability allows remote attackers to execute arbitrary code by crafting a malicious payload and pasting it into the PrimeNet user ID and proxy host fields. Exploitation of this vulnerability triggers a bind shell on port 3110.

Impact

Exploitation of this vulnerability leads to arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, first create a payload that exploits the buffer overflow and includes a bind shell payload. This can be done using a Python script that writes the payload to a file. After creating the payload, open Prime95 and navigate to the PrimeNet section. Paste the payload into the 'Optional User ID and Optional Computer Name' field, then click 'Connection'. Next, paste the payload into the 'Optional Proxy Host' field and press 'OK' twice. This will establish a connection and open a bind shell on port 3110.