SOUND4 LinkAndShare Transmitter Format String Stack Buffer Overflow Vulnerability

A format string vulnerability has been identified in SOUND4 LinkAndShare Transmitter version 1.1.2. This vulnerability allows attackers to cause stack memory overflows by manipulating the username environment variable with crafted format string payloads. The issue arises because the application does not properly sanitize user input before using it in the getenv() function, leading to a crash, memory overflow, and potential execution of arbitrary code.

Impact

Exploitation of this vulnerability causes a stack buffer overflow, which can lead to arbitrary code execution and a crash of the application.

Reproduction

To reproduce this vulnerability, set the username environment variable with a payload that includes format string specifiers. Then, launch the LinkAndShareTransmitter application. The application will crash, and the environment variable will be processed in a way that triggers the buffer overflow.