
AssertSpecial Overflow, technically known as AssertSpecial's Flag Buffer Overflow Attack or ASOF, is a vulnerability in all versions of the M.U.G.E.N engine that allows arbitrary code execution at the time of character selection.
As part of the SuperNull exploit series, it is executed when a character is loaded during character selection, which makes it a good alternative to the StateDef Overflow vulnerability, as the latter is usually sealed by other characters.
Exploit Details
As implied by the vulnerability's technical name, it takes advantage of a buffer overflow in the flag parser of the AssertSpecial state controller. The parser's buffer is 64 bytes by default, and when an AssertSpecial flag text line exceeds that size, the parser's return address is overwritten, potentially resulting in arbitrary code execution.
Example of an AssertSpecial state controller with a malformed flag parameter that overflows the parser's buffer:
[StateDef 255]
[State ]
Type = AssertSpecial
Trigger1 = 1
Flag = W@B�ÿàEis![AssertSpecial exploit made by CyberAkumaTv!]²)ÊÞ%r@ ÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌÌ
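The 64-byte limit described above gives a simple check to run over a character's state files before loading them. The following scanner is an added example, not code from the original article or from the engine; the function name, the sample data and the choice to measure the value after the "=" sign against the 64-byte size are assumptions.

```python
import re

FLAG_BUFFER_SIZE = 64  # parser buffer size stated in the article
SECTION = re.compile(rb"^\[.*\]")
PARAM = re.compile(rb"^(\w+)\s*=\s*(.*)$")

def audit_assertspecial(data: bytes, limit: int = FLAG_BUFFER_SIZE):
    """Return (line_no, key, value_len, has_binary) per suspicious AssertSpecial flag."""
    findings, block, is_assert = [], [], False

    def flush():
        # Evaluate a finished [State] block; Type may come after Flag in the file.
        if not is_assert:
            return
        for no, key, value in block:
            binary = any(b >= 0x7F or (b < 0x20 and b != 9) for b in value)
            if len(value) > limit or binary:
                findings.append((no, key, len(value), binary))

    for no, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(b";"):
            continue
        if SECTION.match(line):
            flush()
            block, is_assert = [], False
            continue
        m = PARAM.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == b"type":
            is_assert = value.split(b";")[0].strip().lower() == b"assertspecial"
        elif key in (b"flag", b"flag2", b"flag3"):
            # Assumption: keep text after ';' so a long value is never under-measured.
            block.append((no, key.decode(), value))
    flush()
    return findings

# Constructed sample state file (not taken from the article).
SAMPLE = b"\n".join([
    b"[Statedef 255]",
    b"[State 255, ok]", b"type = AssertSpecial", b"trigger1 = 1", b"flag = NoWalk ; benign",
    b"[State 255, long]", b"flag = " + b"A" * 80, b"type = AssertSpecial",
    b"[State 255, other]", b"type = Null", b"flag = " + b"B" * 80,
])

if __name__ == "__main__":
    for finding in audit_assertspecial(SAMPLE):
        print(finding)
```

Legitimate AssertSpecial flag names are short ASCII words, so any hit on length or on non-printable bytes is worth inspecting by hand before the character is added to a roster.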
1.0/1.1
Although the vulnerability still functions in these engine builds, shellcode cannot be used directly; ROP chains must be used instead, as stated in the exploit series article. It is one of the best vulnerabilities to use for this kind of character, as it provides the necessary data pointers to make the exploit as stable as possible.