CVE-2020-37131
MediumCVSS 6.2Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
Nsauditor Product Key Explorer version 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.
Risk Assessment
The risk is that a local user can intentionally crash the application, potentially leading to data loss or service disruption. This vulnerability can be exploited for a denial of service attack at the application level.
Recommendation
It is recommended to update Nsauditor Product Key Explorer to the latest version that includes a fix for this vulnerability. Additionally, restrict local system access to trusted users only.
Original NVD description (English source)
Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.

