CVE Catalog

CVE-2020-37131

MediumCVSS 6.2
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

12th percentile - higher than 12% of all known CVEs

Summary

Nsauditor Product Key Explorer version 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.

Risk Assessment

The risk is that a local user can intentionally crash the application, potentially leading to data loss or service disruption. This vulnerability can be exploited for a denial of service attack at the application level.

Recommendation

It is recommended to update Nsauditor Product Key Explorer to the latest version that includes a fix for this vulnerability. Additionally, restrict local system access to trusted users only.

Original NVD description (English source)

Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS