Uderzo Software SpaceSniffer Buffer Overflow Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A buffer overflow vulnerability has been identified in Uderzo Software SpaceSniffer version 2.0.5.18. This vulnerability allows remote attackers to execute arbitrary code by exploiting a crafted .sns snapshot file. The issue arises because SpaceSniffer parses these files using an attacker-controlled length value, which is improperly validated, leading to stack-based memory corruption.
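The root cause described above (a length field read from the file and trusted when copying into a fixed-size stack buffer) is illustrated below with a hypothetical length-prefixed record parser. This is an added example, not SpaceSniffer's code, and the record layout, buffer size and sample bytes are constructed for the demonstration; it does not reproduce the real .sns format. The unchecked parser shows the defective shape, and the checked parser shows the bound a defender expects: the length must fit the destination buffer and must not exceed the bytes actually present.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, hypothetical record layout (NOT the real .sns format):
 * [uint32_t little-endian name_len][name_len bytes of name] */
#define NAME_BUF 64

static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern: the length from the file drives a memcpy into a fixed
 * stack buffer with no check against the buffer's size. An oversized value
 * writes past 'name' and corrupts the stack. Shown for contrast only; never
 * call it on untrusted input. */
int parse_record_unchecked(const uint8_t *data, size_t data_len) {
    char name[NAME_BUF];
    if (data_len < 4) return -1;
    uint32_t name_len = read_u32_le(data);
    memcpy(name, data + 4, name_len);   /* BUG: name_len is never validated */
    return (int)name_len;
}

typedef enum { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LONG = 2 } parse_status;

/* Hardened pattern: bound the length by the destination buffer AND by the
 * bytes actually present, before any copy. 'out' receives a NUL-terminated name. */
parse_status parse_record_checked(const uint8_t *data, size_t data_len,
                                  char out[NAME_BUF]) {
    if (data_len < 4) return PARSE_TRUNCATED;
    uint32_t name_len = read_u32_le(data);
    if (name_len >= NAME_BUF) return PARSE_TOO_LONG;       /* keep room for the NUL */
    if (name_len > data_len - 4) return PARSE_TRUNCATED;   /* claims more than is present */
    memcpy(out, data + 4, name_len);
    out[name_len] = '\0';
    return PARSE_OK;
}

/* Constructed sample inputs for the demonstration. */
static const uint8_t GOOD_RECORD[]  = { 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o' };
/* Length field claims 0x40000000 bytes: an oversized, attacker-style value. */
static const uint8_t BAD_RECORD[]   = { 0x00, 0x00, 0x00, 0x40, 'x', 'y' };
/* Length field claims 3 bytes but only 1 follows. */
static const uint8_t TRUNC_RECORD[] = { 3, 0, 0, 0, 'a' };

/* Small wrappers so each outcome can be asserted on rather than only printed. */
int good_record_parses_to_hello(void) {
    char out[NAME_BUF];
    return parse_record_checked(GOOD_RECORD, sizeof GOOD_RECORD, out) == PARSE_OK
        && strcmp(out, "hello") == 0;
}
parse_status check_bad(void) {
    char out[NAME_BUF];
    return parse_record_checked(BAD_RECORD, sizeof BAD_RECORD, out);
}
parse_status check_trunc(void) {
    char out[NAME_BUF];
    return parse_record_checked(TRUNC_RECORD, sizeof TRUNC_RECORD, out);
}

int main(void) {
    printf("good record -> %s\n", good_record_parses_to_hello() ? "hello" : "error");
    printf("oversized length -> status %d (2 = rejected as too long)\n", check_bad());
    printf("truncated record -> status %d (1 = rejected as truncated)\n", check_trunc());
    /* The unchecked parser is only exercised on the well-formed record here. */
    printf("unchecked parser on good record -> %d\n",
           parse_record_unchecked(GOOD_RECORD, sizeof GOOD_RECORD));
    return 0;
}
```

The two checks in parse_record_checked are the whole fix: the first keeps the copy inside the stack buffer, the second keeps the read inside the file data, and both run before memcpy touches anything. Reviewers looking for this bug class in a file parser search for exactly the unchecked shape: a length taken from input that flows straight into memcpy, strcpy or an array index.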
Impact
Exploitation of this vulnerability causes stack memory corruption, crashes the application, and can be leveraged for arbitrary code execution in the context of the user running SpaceSniffer.
Reproduction
To reproduce this vulnerability, a remote attacker can create a .sns file with an oversized length value that causes a stack overflow during parsing. This file can then be delivered to the victim through email, chat, or download. Once the file is opened in SpaceSniffer, the application crashes, and code execution can be observed (for example, via a benign MessageBoxW call).
Remediation
This vulnerability has been resolved in SpaceSniffer version 2.1.0.21.