SpotIE Internet Explorer Password Recovery Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in SpotIE Internet Explorer Password Recovery version 2.9.5. The issue arises in the registration key input field, where local attackers can cause the application to crash by entering an excessively long string. Specifically, a 256-character payload can be pasted into the Key field during the registration process, triggering a buffer overflow that leads to the application crashing.

Impact

Exploitation of this vulnerability causes the application to crash, creating a denial-of-service condition.

Reproduction

To reproduce this vulnerability, first run a Perl script that generates a 256-character string composed of repeated 'E' characters and saves it to a file named 'SpotIE.txt'. Then, open SpotIE Internet Explorer Password Recovery and navigate to the registration section. After entering a name, paste the contents of 'SpotIE.txt' into the Key field and confirm. The application will crash, demonstrating the denial-of-service vulnerability.