UXGROUP Voice Recorder Arbitrary File Overwrite Vulnerability Allowing Code Execution
Vulnerability
A vulnerability in UXGROUP LLC Voice Recorder version 10.0 allows for arbitrary file overwriting through the file import process. This flaw can lead to the execution of arbitrary code or unauthorized access to sensitive information. The vulnerability arises from inadequate security checks on imported files, enabling malicious applications to manipulate filenames and contents to overwrite critical internal files. Exploitation of this vulnerability could disrupt the application's functionality or facilitate the execution of harmful code.
Impact
Exploitation of this vulnerability could result in the unauthorized execution of code, modification or deletion of critical application files, and exposure of sensitive information such as authentication data, potentially leading to account hijacking.
Reproduction
The vulnerability can be reproduced by importing files through the Voice Recorder app's file import feature. A malicious app can be crafted to include harmful payloads that, when imported, overwrite sensitive internal files in the Voice Recorder app's storage. This can be done without complex user interaction, as the vulnerability is triggered automatically when the victim opens the malicious app.
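The missing check described above, sketched as an added example (not code from the Voice Recorder app or its vendor): a sender-supplied file name is confined to the import directory and an existing file is never replaced. The function names, directory layout and sample names are hypothetical and constructed for illustration, and Python is used only so the check can be run as-is.

```python
import os
import tempfile
from pathlib import Path


class UnsafeImportName(ValueError):
    """The supplied name would resolve outside the import directory."""


def safe_import_target(import_dir: Path, supplied_name: str) -> Path:
    """Return the path for supplied_name, or raise if it leaves import_dir."""
    # A name from another app is untrusted: allow one plain component only.
    if supplied_name in ("", ".", "..") or any(c in supplied_name for c in "/\\\x00"):
        raise UnsafeImportName(supplied_name)
    root = import_dir.resolve()
    # resolve() follows symlinks, so a link planted in import_dir is caught.
    target = (root / supplied_name).resolve()
    if target.parent != root:
        raise UnsafeImportName(supplied_name)
    return target


def import_file(import_dir: Path, supplied_name: str, data: bytes) -> Path:
    """Write imported data without ever replacing an existing file."""
    target = safe_import_target(import_dir, supplied_name)
    # O_EXCL makes creation fail if the file exists, so nothing is overwritten.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Run constructed names through import_file in a throwaway directory."""
    outcomes = []
    with tempfile.TemporaryDirectory() as tmp:
        imports = Path(tmp) / "imports"
        imports.mkdir()
        internal = Path(tmp) / "settings.xml"  # constructed stand-in for an internal file
        internal.write_bytes(b"original")
        for name in ("memo.m4a", "../settings.xml", str(internal), "memo.m4a"):
            try:
                import_file(imports, name, b"imported")
                outcomes.append("written")
            except UnsafeImportName:
                outcomes.append("rejected")
            except FileExistsError:
                outcomes.append("exists")
        return outcomes, internal.read_bytes() == b"original"
```

Calling `demo()` returns the outcome for each constructed name in order, plus whether the stand-in internal file kept its original contents.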
