dataSIMS Avionics ARINC 664-1 Local Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A local buffer overflow vulnerability has been identified in dataSIMS Avionics ARINC 664-1 version 4.5.3. This vulnerability allows attackers to overwrite memory by manipulating the milstd1553result.txt file. By crafting a malicious file with a carefully constructed payload and alignment sections, it may be possible to execute arbitrary code on the Windows system.
Impact
Exploitation triggers a stack-based buffer overflow, which allows memory to be overwritten and can potentially lead to arbitrary code execution on the affected Windows system.
Reproduction
The vulnerability can be reproduced by creating a malicious milstd1553result.txt file. This file should include a payload designed to exploit the buffer overflow, with the payload aligned to overwrite the return address. Once the file is created, it can be placed in a location where dataSIMS will read it, triggering the buffer overflow when the application processes the file.
