BearShare Lite Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in BearShare Lite version 5.2.5. The issue arises in the Advanced Search keywords input, which does not bound the length of the supplied keywords: an attacker can execute arbitrary code by supplying a specifically crafted payload. The over-long input overwrites the saved return address on the stack, so that the EIP register is loaded with an attacker-controlled value and control is transferred to the attacker's shellcode. The vulnerability is exploited by pasting malicious content into the search keywords field.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
To reproduce this vulnerability, first generate a payload that exploits the buffer overflow by overwriting the EIP register with a jump instruction followed by shellcode. This can be done using a script that creates the payload and saves it to a file. Open BearShare Lite and navigate to the 'Advanced Search' feature. In the keywords input field, paste the payload from the file. Once the search is initiated, the payload will be executed, leading to arbitrary code execution.
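The bug class behind this advisory, shown as an added illustration and not as BearShare code (BearShare Lite is closed source, and the real buffer size, function names and stack layout are unknown): a search-keyword field copied into a fixed-size stack buffer without a length check, beside the bounded, length-checked copy that closes the hole. `KEYWORD_MAX`, the function names and the constructed inputs are assumptions for the example.

```c
/* Added example (not BearShare code): an unbounded keyword copy beside a
 * bounded, length-checked one. KEYWORD_MAX and the function names are
 * assumptions made for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEYWORD_MAX 64   /* assumed fixed-size stack buffer for the keywords */

/* Vulnerable pattern: the input length is never checked before the copy, so a
 * keyword longer than KEYWORD_MAX - 1 bytes writes past the end of the buffer
 * and over whatever follows it on the stack, including the saved return
 * address that is later loaded into EIP. Shown for contrast; never call it
 * with untrusted input. */
int search_keywords_unsafe(const char *input)
{
    char keywords[KEYWORD_MAX];
    strcpy(keywords, input);          /* no bound: overflow if input is too long */
    return (int)strlen(keywords);
}

/* Hardened pattern: measure the input without scanning past out_size bytes,
 * reject anything that does not fit together with its NUL terminator, then
 * copy exactly that many bytes. Returns the stored length, or -1 on rejection. */
int search_keywords_checked(const char *input, char *out, size_t out_size)
{
    if (input == NULL || out == NULL || out_size == 0)
        return -1;
    size_t len = 0;
    while (len < out_size && input[len] != '\0')   /* bounded scan, no strnlen needed */
        len++;
    if (len >= out_size)                           /* no room for the terminator */
        return -1;
    memcpy(out, input, len);
    out[len] = '\0';
    return (int)len;
}

/* Wrapper with the same fixed-size stack buffer as the unsafe version, for a
 * caller that only needs an accept/reject decision (1 = accepted, 0 = rejected). */
int keywords_accepted(const char *input)
{
    char keywords[KEYWORD_MAX];
    return search_keywords_checked(input, keywords, sizeof keywords) >= 0;
}

/* Constructed over-long input: n bytes of 'A' plus a terminator, to exercise
 * the rejection path. Caller frees the result. */
char *make_long_input(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'A', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char *oversized = make_long_input(300);
    if (oversized == NULL)
        return 1;
    printf("short keyword accepted:    %d\n", keywords_accepted("linux iso"));
    printf("300-byte keyword accepted: %d\n", keywords_accepted(oversized));
    /* search_keywords_unsafe(oversized) would corrupt the stack; it is shown, not run. */
    free(oversized);
    return 0;
}
```

The defensive point is the two-step shape of the checked version: the scan itself is bounded by the destination size, so an unterminated or enormous input can neither overrun the source nor the destination, and rejection happens before any byte is written. Length-limiting the field in the UI is not a substitute, since the copy is what has to enforce the bound.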
