Recently we discovered a buffer overflow vulnerability in Code::Blocks version 17.12 that leads to Remote Code Execution. The vulnerability is tracked as CVE-2020-10814. It exists in the way project files are processed and requires basic user interaction.
The vulnerability was discovered by manipulating Code::Blocks project files (file extension .cbp). After extensive testing, we found that supplying a sufficient number of characters in the project file's XML object_output attribute, loading the project into the Code::Blocks IDE and pressing 'Build and run' results in a crash of the application, which can later be leveraged into Remote Code Execution.
This article discusses how to replicate the buffer overflow vulnerability on a Windows 10 64-bit virtual machine. The prerequisites are as follows:
- A Windows 10 64-bit machine
- Code::Blocks IDE 17.12
- Python version 2.7
To get started, let us first generate our initial malicious project file. Open the Code::Blocks IDE and click on 'Create a new project'.
Follow the process of creating a new project as follows.
After you have finished creating the project, open the .cbp file in your maliciousProject directory with a text editor of your choice and keep it open. Now we will generate our PoC payload. Open up your Python IDLE and enter the following command
This will generate and print a buffer consisting of 6,000 'A' characters. Copy the output buffer and switch to your text editor. Replace the first instance of 'obj/Debug/' with the buffer you have copied.
Save your changes and open Code::Blocks. Press ‘Build and run’.
That's it, you have crashed your Code::Blocks instance.
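As an added example, not part of the original article: a check a defender can run over .cbp files before opening them, flagging an object_output value far longer than any legitimate path, which is exactly the shape of the malformed project described above. The XML layout and the threshold are constructed approximations of a Code::Blocks project file, not taken from the Code::Blocks source.

```python
import xml.etree.ElementTree as ET

# Length above which an object_output value is treated as suspicious.
# Real object_output values are short relative paths; the PoC above uses 6,000 bytes.
# The threshold is an assumption chosen for this check, not a documented limit.
MAX_OBJECT_OUTPUT_LEN = 260

# Constructed sample approximating a freshly generated .cbp project file.
SAFE_CBP = """<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<CodeBlocks_project_file>
  <Project>
    <Option title="maliciousProject" />
    <Build>
      <Target title="Debug">
        <Option output="bin/Debug/maliciousProject" prefix_auto="1" extension_auto="1" />
        <Option object_output="obj/Debug/" />
        <Option type="1" />
      </Target>
    </Build>
  </Project>
</CodeBlocks_project_file>
"""

# Constructed: the same project with object_output replaced by a 6,000-byte run of "A",
# mirroring the edit the article describes.
MALICIOUS_CBP = SAFE_CBP.replace('object_output="obj/Debug/"',
                                 'object_output="%s"' % ("A" * 6000))


def find_oversized_attributes(cbp_text, attr="object_output", limit=MAX_OBJECT_OUTPUT_LEN):
    """Return (target_title, value_length) for every <Option attr="..."> inside a
    <Target> whose value is longer than limit. An empty list means nothing was flagged."""
    root = ET.fromstring(cbp_text)
    hits = []
    for target in root.iter("Target"):
        title = target.get("title", "<unnamed>")
        for opt in target.findall("Option"):
            value = opt.get(attr)
            if value is not None and len(value) > limit:
                hits.append((title, len(value)))
    return hits


def is_suspicious(cbp_text):
    """True when at least one build target carries an oversized object_output value."""
    return bool(find_oversized_attributes(cbp_text))


if __name__ == "__main__":
    print("safe project flagged:", is_suspicious(SAFE_CBP))            # False
    print("oversized targets:", find_oversized_attributes(MALICIOUS_CBP))  # [('Debug', 6000)]
```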