Angry IP Scanner Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the preferences dialog of Angry IP Scanner version 3.5.3. It allows a local attacker to cause a denial-of-service by crashing the application. Exploitation involves supplying an excessively large string to a field that is not properly validated: the attacker creates a file containing a massive buffer of repeated characters and pastes its contents into the 'Unavailable value' field in the display preferences, which triggers the crash.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.

Reproduction

To reproduce this vulnerability, first generate a file with a large buffer of repeated characters. Save this file and open Angry IP Scanner. Navigate to the 'Tools' menu and select 'Preferences'. In the 'Display' tab, paste the contents of the clipboard, which should contain the large buffer, into the 'Unavailable value' field. Click 'OK' to apply the changes; the application then crashes.
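
A bounded-input check of the kind the advisory says this field lacks, as an added example that is not Angry IP Scanner's own code: it validates a pasted preference value before the value is applied or stored. The class name, the 64-code-point limit and the reject-rather-than-truncate policy are assumptions, since the advisory does not say what the field should accept.

```java
import java.util.Optional;

/** Added example: bounds and cleans a free-text preference value before use. */
public final class PreferenceInputGuard {

    // Assumed limit for a short display label (not taken from the advisory).
    static final int MAX_CODE_POINTS = 64;

    /**
     * Returns the cleaned value, or empty if the input must be rejected.
     * Oversized input is rejected rather than truncated so the user gets an
     * error instead of a silently altered setting.
     */
    static Optional<String> validate(String raw) {
        if (raw == null) {
            return Optional.empty();
        }
        // Refuse clearly oversized input up front, before any per-character work.
        // A code point occupies at most two UTF-16 chars, hence the factor of 2.
        if (raw.length() > 2 * MAX_CODE_POINTS) {
            return Optional.empty();
        }
        StringBuilder clean = new StringBuilder(raw.length());
        int count = 0;
        for (int i = 0; i < raw.length(); ) {
            int cp = raw.codePointAt(i);
            i += Character.charCount(cp);
            if (Character.isISOControl(cp)) {
                continue; // drop newlines, tabs and other control characters from pasted text
            }
            if (++count > MAX_CODE_POINTS) {
                return Optional.empty(); // too many visible characters
            }
            clean.appendCodePoint(cp);
        }
        return Optional.of(clean.toString());
    }

    public static void main(String[] args) {
        // Constructed inputs: a normal label, a pasted label with a trailing
        // line break, and an oversized run of one repeated character.
        String oversized = "A".repeat(10_000);
        System.out.println(validate("[n/a]"));
        System.out.println(validate("[n/s]\r\n"));
        System.out.println(validate(oversized).isPresent());
    }
}
```

Running the same check when the dialog's 'OK' handler fires and again when saved preferences are loaded covers both the paste path and a preferences file edited outside the application.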

Added: Apr 22, 2026, 4:26 PM
Updated: Apr 22, 2026, 4:26 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 4.6
remediation: 0.0
relevance: 6.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.