CVE-2021-3375
Description
ActivePresenter 6.1.6 is affected by a memory corruption vulnerability that may result in a denial of service (DoS) or arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ActivePresenter 6.1.6 contains a memory corruption vulnerability that can lead to denial of service or arbitrary code execution.
Vulnerability
ActivePresenter version 6.1.6 (x86) suffers from a memory corruption vulnerability, specifically a write access violation, that occurs when processing a crafted project file (.approj). The crash was discovered via fuzzing and results in an access violation at address 0x3a002200 due to writing to an invalid memory location. The vulnerable code path involves functions in the image01310000 module and MSVCR90!free, triggered by malformed input in the project file. [1]
Exploitation
An attacker can trigger the vulnerability by persuading a user to open a specially crafted .approj file in ActivePresenter 6.1.6. No special network position or authentication is required; the attack relies on user interaction. The fuzzer FOE2 was used to generate the crashing input, which causes a write access violation when the application attempts to process the file. [1]
Impact
Successful exploitation results in a write access violation (STATUS_ACCESS_VIOLATION), leading to a denial of service (application crash). The nature of the memory corruption suggests potential for arbitrary code execution, though the references do not confirm code execution capabilities. The attacker gains the ability to crash the application, and if code execution is achieved, could run arbitrary commands in the context of the affected user. [1]
Mitigation
As of the publication date (2021-02-15), no official patch or fixed version has been released by the vendor (ATOMI). Users should avoid opening untrusted .approj files as a workaround until a fix is available. The vulnerability is not known to be listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. [1]
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- ActivePresenter/ActivePresenter
- Range: = 6.1.6
Patches
No patches discovered yet.
References
- code610.blogspot.com/2021/01/crashing-activepresenter.html (mitre, x_refsource_MISC)