10-Strike Network Inventory Explorer Pro Buffer Overflow Vulnerability Allowing Remote Code Execution

A buffer overflow vulnerability has been identified in 10-Strike Network Inventory Explorer Pro version 9.31. This vulnerability arises in the text file import feature, where attackers can create a malicious text file containing a payload that triggers a reverse shell, allowing arbitrary code execution on the affected system.

Impact

Exploitation of this vulnerability leads to a buffer overflow, allowing for arbitrary code execution on the target system. The executed code can include a reverse shell, providing remote access to the attacker.

Reproduction

To reproduce this vulnerability, first generate an overflow file using a Python exploit script. Transfer this file to a Windows 10 machine with the vulnerable version of 10-Strike Network Inventory Explorer Pro installed. After setting up a Netcat listener on the attacker's machine, open the application and navigate to the 'Computers' tab. Select the 'From Text File' option and open the transferred overflow file. This action will trigger the buffer overflow, resulting in a reverse shell connection to the attacker's machine.