DNSS Domain Name Search Software Buffer Overflow Vulnerability Leading to Denial-of-Service
Vulnerability
A buffer overflow vulnerability has been identified in DNSS Domain Name Search Software version 2.1.8. The issue resides in the registration code input field, where local attackers can cause the application to crash by submitting overly long strings. Exploitation involves pasting a registration code with 300 repeated characters into the Name/Key field via the Register menu, effectively triggering a denial-of-service condition.
Impact
Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.
Reproduction
To reproduce this vulnerability, first, create a text file named 'DNSS.txt' and write a string of 300 repeated characters into it. Then, open DNSS Domain Name Search Software 2.1.8 on a Windows system. Navigate to the 'Register' menu and select 'Enter Registration Code...'. In the Name/Key field, paste the contents of 'DNSS.txt' and click 'Ok'. The application will crash, demonstrating the denial-of-service vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.