FlexHEX Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in FlexHEX version 2.71. This vulnerability resides in the Stream Name field and allows local attackers to execute arbitrary code by exploiting a structured exception handler (SEH) overflow. Attackers can create a malicious text file containing carefully aligned shellcode and SEH chain pointers, paste this into the Stream Name dialog, and execute commands such as launching calc.exe when the exception handler is triggered.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, first generate a text file named 'evil.txt' containing the crafted payload that exploits the buffer overflow. This payload should include the shellcode and SEH manipulation required for the exploit. Next, open FlexHEX Editor and select 'Stream', then click 'New Stream...'. Paste the contents of 'evil.txt' into the 'Stream Name' dialog and confirm. The payload will be executed, triggering the SEH overflow and executing the aligned shellcode, such as launching calc.exe.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.