Code::Blocks Buffer Overflow Vulnerability in File Name Field Allows Arbitrary Code Execution

A local buffer overflow vulnerability has been identified in Code::Blocks version 17.12. This vulnerability allows attackers to execute arbitrary code by crafting a malicious file name that includes Unicode characters. The issue can be triggered during project creation by pasting a specially crafted payload into the file name field. Exploitation of this vulnerability could lead to the execution of system commands, such as launching calc.exe.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, first disable Data Execution Prevention (DEP) for the Code::Blocks application. Then, open Code::Blocks and create a new project. When prompted to enter a file name, paste a payload that has been crafted to exploit the buffer overflow vulnerability, ensuring that it includes Unicode characters. Once the project is created, the payload will be executed, resulting in the arbitrary code execution.