JetAudio jetCast Server Buffer Overflow Vulnerability in Log Directory Configuration
Vulnerability
A stack-based buffer overflow vulnerability has been identified in JetAudio jetCast Server version 2.0. The issue arises in the Log Directory configuration field, where local attackers can overwrite structured exception handling (SEH) pointers. By injecting alphanumeric encoded shellcode into the Log Directory field, attackers can trigger an SEH exception handler and execute arbitrary code with the privileges of the application.
Impact
Exploitation of this vulnerability allows for a stack-based buffer overflow, enabling local attackers to execute arbitrary code with application privileges.
Reproduction
To reproduce this vulnerability, first run the application 'jetCast Server 2.0' on a Windows XP SP3 environment. Once the application is open, navigate to the configuration settings and locate the 'Log Directory' field. Inject the crafted payload, which is designed to exploit the buffer overflow by overwriting the SEH pointer, into this field. After pasting the payload, click 'OK' to save the configuration, and then start the server. The injected shellcode will be executed, resulting in the exploitation of the vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.