HTML5 Video Player Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in HTML5 Video Player version 1.2.5. The vulnerability allows an attacker to execute arbitrary code by supplying an oversized key code string. By crafting a payload that exceeds 997 bytes and pasting it into the KEY CODE field of the Help Register dialog, the attacker triggers code execution; the published proof of concept launches a calculator process.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, first create a payload that includes the desired shellcode, such as a reverse shell, and ensure it is 996 bytes long. Then, append the address of a jump instruction (e.g., from shell32.dll) to the payload, followed by a NOP sled. After generating the payload, paste it into the KEY CODE field in the Help Register dialog of HTML5 Video Player 1.2.5. Once the payload is pasted, click OK to execute the code, which will trigger the calculator process as a proof of concept.
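The root cause described above is a fixed-size key-code buffer filled without a length check. The following C snippet is an added illustration, not the player's own source (which this page does not show): it contrasts the hypothetical unbounded copy with a bounded version that rejects oversized input instead of overrunning the stack. The buffer size and the 996-byte limit are assumptions chosen to match the advisory's numbers.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit: the reproducer's 996-byte key code is the largest that fits. */
#define MAX_KEY_LEN 996

/* Vulnerable pattern (illustrative): the dialog's text is copied into a
 * stack buffer with no length check, so longer input overwrites the stack
 * frame, including the saved return address. Never call with untrusted input. */
void register_key_unsafe(const char *key_code) {
    char buf[MAX_KEY_LEN + 1];
    strcpy(buf, key_code);          /* overflows once strlen(key_code) > MAX_KEY_LEN */
    (void)buf;
}

/* Hardened version: measure the input against the destination size first,
 * refuse anything that does not fit (leaving room for the terminator), and
 * copy only what was measured. Returns true only when the key was accepted. */
bool register_key_safe(const char *key_code, char *out, size_t out_len) {
    if (key_code == NULL || out == NULL || out_len == 0)
        return false;
    size_t n = 0;
    while (n < out_len && key_code[n] != '\0')   /* bounded length scan */
        n++;
    if (n == out_len)                            /* no room for the NUL */
        return false;
    memcpy(out, key_code, n + 1);                /* copies the terminator too */
    return true;
}

/* Helper for testing: builds a constructed key of n 'A' characters and reports
 * whether the hardened registration path accepts it. */
bool accepts_key_of_length(size_t n) {
    char key[4096];
    if (n >= sizeof key)
        return false;
    memset(key, 'A', n);
    key[n] = '\0';
    char dest[MAX_KEY_LEN + 1];
    return register_key_safe(key, dest, sizeof dest);
}
```

The safe path accepts a 996-byte key and rejects a 997-byte one, so the oversized payloads from the advisory never reach the copy.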
