River Past Video Cleaner Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in River Past Video Cleaner version 7.6.3. The overflow is exploited through the structured exception handler (SEH) mechanism and allows local attackers to execute arbitrary code. It is triggered when a malicious string is supplied in the Lame_enc.dll field. The payload consists of 280 bytes of padding, a value that overwrites the next structured exception handler, and shellcode that is executed when the application processes the input.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, open River Past Video Cleaner version 7.6.3 and navigate to the file options. Paste the crafted payload, which includes the buffer overflow exploit, into the Lame_enc.dll field. When the application processes this input, the injected shellcode will execute, demonstrating the vulnerability.
