RealTerm Serial Terminal Buffer Overflow Vulnerability in Echo Port Tab Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in RealTerm Serial Terminal version 2.0.0.70. This vulnerability resides in the Echo Port tab and involves structured exception handling (SEH). Local attackers can exploit this issue to execute arbitrary code by injecting a malicious payload. The exploitation process involves crafting a buffer overflow payload that includes a POP POP RET gadget chain and shellcode. When this payload is pasted into the Port field and the Change button is clicked, it triggers the code execution.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, paste a crafted payload into the Port field of the Echo Port tab and click the Change button. The payload should include a POP POP RET gadget chain and shellcode that executes when the buffer overflow is triggered.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.