Free Desktop Clock Stack Overflow Vulnerability Allowing SEH Overwrite
Vulnerability
A stack overflow vulnerability has been identified in Free Desktop Clock version 3.0. The issue arises in the Time Zones display name input, where attackers can exploit the vulnerability by sending crafted Unicode input. This input triggers an access violation by overwriting the Structured Exception Handler (SEH) registers, potentially allowing for arbitrary code execution.
Impact
Exploitation of this vulnerability leads to a stack-based buffer overflow, causing an access violation and allowing for the overwriting of SEH registers. This could be exploited to execute arbitrary code.
Reproduction
To reproduce this vulnerability, install Free Desktop Clock 3.0 on a Windows 10 system (32-bit version). Open the application and navigate to the Time Zones section. In the 'Enter display name' textbox, paste a crafted Unicode payload that exploits the stack overflow vulnerability. This will trigger an access violation by overwriting the SEH registers, which can be observed through the application's crash report.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.