Flexsense DiskBoss Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A local buffer overflow vulnerability has been identified in Flexsense DiskBoss version 7.7.14. The issue resides in the 'Reports and Data Directory' field, where improper handling of input allows for memory corruption. This vulnerability can be exploited to execute arbitrary code on the affected system.

Impact

Exploitation of this vulnerability leads to a local buffer overflow, allowing for arbitrary code execution on the system.

Reproduction

To reproduce this vulnerability, first, run a provided Python script that prepares the exploit payload. After executing the script, copy the generated payload from the 'exploit.txt' file into the clipboard. Then, open DiskBoss and navigate to 'Tools' -> 'DiskBoss Options'. In the 'Advanced' section, paste the clipboard content into the 'Reports and Data Directory' field and click 'Save'. This action triggers the buffer overflow by overwriting the stack with the injected payload, which can include a reverse shell payload, for example.