RAREPROB Solutions Video Player Arbitrary File Overwrite Vulnerability
Vulnerability
An arbitrary file overwrite vulnerability has been identified in the RAREPROB Solutions Video Player app, specifically in version 1.0.135. This vulnerability allows attackers to overwrite critical internal files through the file import process, potentially leading to arbitrary code execution or exposure of sensitive information. The issue arises from inadequate security validation when handling imported files, enabling a malicious app to manipulate filenames and contents to overwrite important files in the app's internal storage. Such modifications can cause the app to malfunction, fail to launch, or execute unauthorized code. The vulnerability can be triggered automatically, without complex user interaction, once the victim opens the malicious app.
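The filename validation that this class of import flaw lacks can be sketched as follows. This is an added example, not code from the app or the vendor; it uses only `java.io.File`. The class, method and directory names are hypothetical, and the advisory does not say how the supplied name reaches the app.

```java
import java.io.File;
import java.io.IOException;

public class SafeImport {
    // Unsafe pattern: the sender-supplied name is joined to the directory as-is,
    // so "../" segments can move the target outside importDir.
    static File unsafeTarget(File importDir, String suppliedName) {
        return new File(importDir, suppliedName);
    }

    // Hardened: keep only the last path segment, reject empty or dot names,
    // then confirm the canonical target is still inside importDir.
    static File safeTarget(File importDir, String suppliedName) throws IOException {
        if (suppliedName == null) throw new IOException("missing name");
        String leaf = new File(suppliedName.replace('\\', '/')).getName();
        if (leaf.isEmpty() || leaf.equals(".") || leaf.equals("..")) {
            throw new IOException("rejected name: " + suppliedName);
        }
        File base = importDir.getCanonicalFile();
        // Canonicalizing also resolves symlinks, so the check below is defense in depth.
        File target = new File(base, leaf).getCanonicalFile();
        if (!target.toPath().startsWith(base.toPath()) || target.equals(base)) {
            throw new IOException("target escapes import directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in for an app's private import directory (assumption).
        File importDir = new File(System.getProperty("java.io.tmpdir"), "demo_app/files/imports");
        importDir.mkdirs();
        // Constructed sample names, as a sending app could report them.
        String[] names = { "holiday.mp4", "../../outside.bin", "a/b/../../../outside.bin", ".." };
        for (String n : names) {
            System.out.println("name: " + n);
            System.out.println("  unsafe -> " + unsafeTarget(importDir, n).getCanonicalPath());
            try {
                System.out.println("  safe   -> " + safeTarget(importDir, n).getPath());
            } catch (IOException e) {
                System.out.println("  safe   -> " + e.getMessage());
            }
        }
    }
}
```

Running it shows the unsafe join resolving outside the import directory for the traversal names, while the hardened method either confines the file to the directory under its leaf name or rejects it.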
Impact
Exploitation of this vulnerability could result in overwriting critical internal files, allowing for arbitrary code execution or unauthorized exposure of information. Additionally, according to the vendor, this vulnerability could lead to a denial-of-service by causing the app to malfunction or fail to launch.
Reproduction
To reproduce this vulnerability, a malicious app must be created that exploits the file import process in the Video Player - Play All Videos app. The malicious app can be designed to include files with names and contents that, when imported, overwrite sensitive internal files using path traversal techniques. Once the malicious app is installed and opened by the user, the vulnerability is triggered automatically, without requiring any complex interaction.
