Download Accelerator Plus Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in Download Accelerator Plus (DAP) version 10.0.6.0. This vulnerability involves a structured exception handler (SEH) buffer overflow that enables remote attackers to execute arbitrary code. Exploitation is achieved by crafting malicious URLs that contain overflowing buffer data, which overwrites SEH pointers and executes embedded shellcode. The vulnerability is triggered when these URLs are imported through the application's web page import functionality.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, first create a payload that includes the overflow data, SEH overwrite, and the shellcode (such as a payload to open the calculator). This can be done using a Python script that generates a text file containing the crafted URL payload. Once the payload is prepared, open Download Accelerator Plus and use the 'Import' feature to load the URL containing the malicious payload. The application will execute the embedded shellcode, demonstrating the successful exploitation of the vulnerability.
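On the defensive side, a file can be screened before it is handed to the Import feature. The following is an added example, not part of the original advisory: it flags URLs that are overlong, contain bytes outside printable ASCII, or carry long runs of one repeated byte. The thresholds, function name and sample data are assumptions made for illustration.

```python
import re

# Assumed policy values, not taken from the advisory; tune for your environment.
MAX_URL_LEN = 2048     # practical ceiling for a legitimate URL
MAX_REPEAT_RUN = 64    # a byte repeated more than this many times is treated as padding

# A URL candidate runs from the scheme to the next whitespace, quote or angle bracket.
URL_RE = re.compile(rb'(?:https?|ftp)://[^\s"\'<>]+', re.IGNORECASE)
REPEAT_RE = re.compile(rb'(.)\1{%d,}' % MAX_REPEAT_RUN, re.DOTALL)


def scan_import_data(data):
    """Return one finding per suspicious URL in the raw bytes of an import file."""
    findings = []
    for match in URL_RE.finditer(data):
        url = match.group(0)
        reasons = []
        if len(url) > MAX_URL_LEN:
            reasons.append("length")
        # Well-formed URLs are printable ASCII; raw bytes point to embedded binary data.
        if any(b < 0x21 or b > 0x7E for b in url):
            reasons.append("non_printable")
        if REPEAT_RE.search(url):
            reasons.append("padding_run")
        if reasons:
            findings.append({
                "offset": match.start(),
                "length": len(url),
                "reasons": reasons,
                "preview": url[:40].decode("ascii", "replace"),
            })
    return findings


# Constructed sample input: two ordinary URLs and two that should be flagged.
SAMPLE = b"\n".join([
    b"http://example.com/files/setup.exe",
    b"http://example.com/" + b"A" * 3000,
    b"http://example.com/a\xff\xfeb",
    b'<a href="ftp://example.org/pub/tool.zip">tool</a>',
])

if __name__ == "__main__":
    for finding in scan_import_data(SAMPLE):
        print(finding)
```

This is a heuristic pre-filter for untrusted import files; it does not remove the overflow in the application itself.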
