Lavavo CD Ripper Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in Lavavo CD Ripper version 4.20. The flaw lies in how the application handles an overlong value in the 'License Activation Name' field: the resulting overflow corrupts the structured exception handler (SEH) chain, allowing a local attacker to execute arbitrary code. The published exploit consists of controlled buffer data, an overwritten next-SEH (nSEH) pointer carrying a short jump, and an SEH handler address that redirects execution into the payload, which establishes a bind shell on port 3110.
Impact
Exploitation of this vulnerability allows for arbitrary code execution with the privileges of the user running Lavavo CD Ripper.
Reproduction
To reproduce this vulnerability, first create a payload using a Python script that writes a buffer overflow exploit into a text file. This exploit should include jump instructions and addresses to hijack the application's execution flow. After preparing the payload, open Lavavo CD Ripper and paste the malicious string into the 'License Activation Name' field. Then, click 'Unlock Now' to trigger the buffer overflow and execute the payload, which will open a bind shell on port 3110.
