Softdisk Buffer Overflow Vulnerability Leading to Denial-of-Service
Vulnerability
A buffer overflow vulnerability has been identified in Softdisk version 3.0.3, specifically within the registration code dialog. This vulnerability allows local attackers to cause a denial-of-service by crashing the application with an oversized string. The issue can be exploited by entering a 6000-byte payload in the 'Registration Name' field through the 'Help' menu's 'Enter Registration Code' dialog.
Impact
Exploitation of this vulnerability leads to a crash of the Softdisk application, causing a denial-of-service condition.
Reproduction
To reproduce this vulnerability, first create a text file named 'exploit.txt' containing a 6000-byte payload of repeated characters. After the file is created, open the Softdisk application and navigate to 'Help' > 'Enter Registration Code...'. In the dialog that appears, paste the 6000-byte payload into the 'Registration Name' field and enter a string of numbers into the 'Registration Code' field. Click 'OK' to trigger the crash.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.