SOUND4 LinkAndShare Transmitter 1.1.2 Format String Stack Buffer Overflow

SOUND4 LinkAndShare Transmitter version 1.1.2 suffers from a format string memory leak and stack buffer overflow vulnerability because it fails to properly sanitize user supplied input when calling the getenv() function from MSVCR120.DLL resulting in a crash overflowing the memory stack and leaking sensitive information. The attacker can abuse the username environment variable to trigger and potentially execute code on the affected system.

abuse buffer buffer overflow buffer overflow vulnerability code crash dll environment environment variable format string function information input leak memory memory leak overflow sensitive information system trigger username variable version version 1 vulnerability