Code-Projects Personal Diary Management System Stack-Based Buffer Overflow Vulnerability
Vulnerability
A stack-based buffer overflow vulnerability has been identified in version 1.0 of the Code-Projects Personal Diary Management System. This critical vulnerability resides in the 'addrecord' function of the New Record Handler component. The issue arises from the 'filename' argument, where improper input handling allows for memory corruption. Exploitation of this vulnerability requires local access and can lead to a denial-of-service condition, as well as potentially allowing arbitrary code execution.
Impact
Exploitation of this vulnerability causes a denial-of-service condition and could allow for arbitrary code execution, depending on the nature of the payload used.
Reproduction
To reproduce this vulnerability, access the 'addrecord' function in the Personal Diary Management System. When prompted to enter a filename, input a string that exceeds the 15-byte buffer limit, for example a payload of approximately 100 bytes. The overflow corrupts the stack and leads to an 'EXCEPTION_ACCESS_VIOLATION' error, which indicates a successful exploitation of the buffer overflow.
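A bounded replacement for the filename prompt described above, given as an added example and not the project's own code. `read_bounded_line` and `FILENAME_CAP` are hypothetical names; only the 15-byte buffer size comes from this advisory.

```c
#include <stdio.h>
#include <string.h>

#define FILENAME_CAP 15 /* buffer size stated in the advisory */

/* Hypothetical helper: read one line from `in` into dst[cap].
 * Returns 0 on success, -1 on EOF or an empty line, and -2 when the line
 * does not fit. On -2 the rest of the line is drained so the excess bytes
 * are not consumed by the next prompt, and dst is left empty. */
int read_bounded_line(FILE *in, char *dst, size_t cap)
{
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;

    size_t len = strcspn(dst, "\n");
    if (dst[len] == '\0' && len == cap - 1) {
        /* Buffer is full and no newline was stored: look at the next byte. */
        int c = fgetc(in);
        if (c != '\n' && c != EOF) {
            while ((c = fgetc(in)) != '\n' && c != EOF)
                ; /* discard the remainder of the over-long line */
            dst[0] = '\0';
            return -2;
        }
    }
    dst[len] = '\0'; /* strip the newline, if any */
    return len > 0 ? 0 : -1;
}

int main(void)
{
    char filename[FILENAME_CAP];

    printf("Enter file name (max %d chars): ", FILENAME_CAP - 1);
    if (read_bounded_line(stdin, filename, sizeof filename) != 0) {
        fputs("rejected: empty or over-long file name\n", stderr);
        return 1;
    }
    printf("using record file: %s\n", filename);
    return 0;
}
```

With this pattern a 100-byte entry is rejected before anything is written past the 15-byte buffer, instead of corrupting the stack.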
