ZOC Terminal Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in ZOC Terminal version 7.23.4. The issue resides in the Shell field of the Program Settings, where local attackers can crash the application by entering an excessively long string. This vulnerability can be exploited by pasting a crafted payload into the Shell configuration field, which then triggers a crash when the Command Shell feature is accessed.

Impact

Exploitation of this vulnerability causes the application to crash, leading to a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first create a text file containing a long string of approximately 270 characters, consisting of repeated 'A' characters. After saving the file, open ZOC Terminal and navigate to the Program Settings under the Options menu. In the Special Files section, locate the 'Shell' field, clear its contents, and paste the clipboard data from the text file. Save the changes, then access the Command Shell feature, which will result in the application crashing.
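The fix for this class of bug is to check the length of the Shell setting before it reaches a fixed-size buffer. The sketch below is an added example, not ZOC's code or the vendor's patch. The function names, the 260-byte buffer size and the sample path are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed capacity of the fixed buffer that receives the Shell setting.
   The advisory does not state the real size; 260 is a placeholder. */
#define SHELL_BUF_SIZE 260

/* Length of s, scanning at most max bytes (portable stand-in for strnlen). */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hypothetical setter: copy the configured shell path into a fixed buffer.
   Returns 0 on success, -1 if the value is NULL, empty, or does not fit
   with its terminator. On failure dst is left untouched, so the caller
   keeps the previous setting. An unbounded strcpy(dst, configured) here
   would write past dst for the 270-character input from the advisory. */
int set_shell_path(char dst[SHELL_BUF_SIZE], const char *configured)
{
    size_t len;

    if (configured == NULL)
        return -1;
    len = bounded_len(configured, SHELL_BUF_SIZE);
    if (len == 0 || len >= SHELL_BUF_SIZE)
        return -1;
    memcpy(dst, configured, len + 1);   /* len + 1 <= SHELL_BUF_SIZE */
    return 0;
}

int main(void)
{
    char shell[SHELL_BUF_SIZE] = "cmd.exe";   /* constructed sample value */
    char too_long[271];                       /* constructed: 270 x 'A' */

    memset(too_long, 'A', 270);
    too_long[270] = '\0';

    printf("270-char value: %d\n", set_shell_path(shell, too_long));
    printf("shell still:    %s\n", shell);
    printf("normal value:   %d\n", set_shell_path(shell, "C:\\Windows\\System32\\cmd.exe"));
    return 0;
}
```

Rejecting the value when the setting is saved, rather than when the Command Shell feature later reads it, keeps an invalid string out of the stored configuration.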

Added: Mar 22, 2026, 1:24 AM
Updated: Mar 22, 2026, 1:24 AM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.