River Past Cam Do Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in River Past Cam Do version 3.7.6. The issue resides in the activation code input field, where a local attacker can execute arbitrary code by entering a malicious activation code. Exploitation involves crafting a buffer of 608 bytes of filler data, followed by shellcode and values that overwrite the Structured Exception Handling (SEH) chain. When the activation dialog processes the input, the overwritten exception handler is invoked and the injected code is executed.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, generate a file named 'evil.txt' containing 608 bytes of junk data followed by the payload, including shellcode and SEH overwrite values. Copy the contents of this file to the clipboard. Open River Past Cam Do and paste the copied activation code into the activation dialog. After selecting 'Activate', the injected payload will be executed, in this case, launching 'calc.exe'.
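The defect class behind this advisory (an activation-code string copied into a fixed-size stack buffer without a length check, so that an oversized paste overruns it and reaches the SEH records) is illustrated below. This is an added example written for this page, not River Past Cam Do's code: the buffer size, the maximum code length, and the function names are assumptions chosen to mirror the 608-byte figure in the report, and the oversized input is constructed inline. It places the vulnerable pattern beside a hardened check that rejects overlong input before any copy happens.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for illustration only. The real field layout is unknown;
 * the advisory states only that 608 bytes of filler precede the SEH overwrite. */
#define CODE_BUF_SIZE 608   /* size of the fixed stack buffer            */
#define MAX_CODE_LEN  64    /* assumed longest legitimate activation code */

typedef enum { CODE_OK = 0, CODE_EMPTY = 1, CODE_TOO_LONG = 2 } code_status;

/* Vulnerable pattern (hypothetical, not the vendor's code): an unbounded
 * strcpy of user-controlled text into a fixed stack buffer. Any input
 * longer than CODE_BUF_SIZE - 1 bytes writes past the buffer. Shown for
 * contrast; the hardened function below is the one callers should use. */
int check_code_unsafe(const char *input) {
    char buf[CODE_BUF_SIZE];
    strcpy(buf, input);                 /* no length check */
    return buf[0] != '\0';
}

/* Bounded length scan: never reads more than limit + 1 bytes, so an
 * unterminated or huge input cannot make the check itself misbehave. */
static size_t bounded_len(const char *s, size_t limit) {
    size_t n = 0;
    while (n <= limit && s[n] != '\0') n++;
    return n;                           /* == limit + 1 means "longer than limit" */
}

/* Hardened check: validate the length first, then copy with an explicit
 * bound and report a status the dialog can turn into an error message. */
code_status check_code_safe(const char *input) {
    char buf[CODE_BUF_SIZE];
    size_t n;

    if (input == NULL || input[0] == '\0') return CODE_EMPTY;
    n = bounded_len(input, MAX_CODE_LEN);
    if (n > MAX_CODE_LEN) return CODE_TOO_LONG;   /* reject before any copy */

    memcpy(buf, input, n);              /* n <= MAX_CODE_LEN < CODE_BUF_SIZE */
    buf[n] = '\0';
    return CODE_OK;
}

/* Constructed oversized input: 700 'A's, longer than both the assumed
 * legitimate maximum and the stack buffer, as a pasted value might be. */
code_status check_constructed_oversized(void) {
    char big[701];
    memset(big, 'A', 700);
    big[700] = '\0';
    return check_code_safe(big);
}

int main(void) {
    printf("normal code : %d (0 = accepted)\n", check_code_safe("CAMDO-1234-ABCD"));
    printf("empty code  : %d (1 = empty)\n", check_code_safe(""));
    printf("700-byte    : %d (2 = too long, no copy performed)\n",
           check_constructed_oversized());
    return 0;
}
```

The essential change is ordering: the hardened version decides whether the input is acceptable before touching the buffer, and the rejection is reported as a status rather than surfacing as a crash or an overwritten exception handler. Compiling the real application with /SAFESEH and /NXCOMPAT would further limit what an overflow of this kind can reach, but those flags mitigate rather than replace the length check.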