Leawo Prof. Media Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Leawo Prof. Media version 11.0.0.1. This issue allows attackers to crash the application by sending an oversized payload in the activation keycode field. The vulnerability arises because the application does not properly validate the size of the input, enabling a buffer overflow scenario. Exploitation involves generating a 6000-byte buffer of repeated characters, which, when pasted into the registration interface, triggers an application crash.
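As a sketch of the missing control, the following added example (not code from Leawo or from the original advisory) checks the length of keycode text before copying it into a fixed-size buffer and rejects over-length input instead of truncating it. The 64-character limit, the allowed character set and all function names are assumptions, since the advisory does not describe the real keycode format.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit and character set; the advisory does not state the real format. */
#define KEYCODE_MAX 64

enum keycode_status { KEYCODE_OK, KEYCODE_EMPTY, KEYCODE_TOO_LONG, KEYCODE_BAD_CHAR };

/* Validate untrusted field text, then copy it into a fixed-size buffer.
   Nothing is written past out_size, and over-length input is rejected, not truncated. */
enum keycode_status keycode_accept(const char *in, size_t in_len,
                                   char *out, size_t out_size)
{
    if (out == NULL || out_size == 0)   /* no usable destination */
        return KEYCODE_TOO_LONG;
    out[0] = '\0';
    if (in == NULL || in_len == 0)
        return KEYCODE_EMPTY;
    /* Length check happens before any byte is copied. */
    if (in_len > KEYCODE_MAX || in_len >= out_size)
        return KEYCODE_TOO_LONG;
    for (size_t i = 0; i < in_len; i++) {
        unsigned char c = (unsigned char)in[i];
        if (!isalnum(c) && c != '-')
            return KEYCODE_BAD_CHAR;
    }
    memcpy(out, in, in_len);
    out[in_len] = '\0';
    return KEYCODE_OK;
}

/* Constructed input: 6000 repeated characters, the size given in the advisory. */
enum keycode_status check_oversized(void)
{
    static char big[6000];
    char stored[KEYCODE_MAX + 1];
    memset(big, 'A', sizeof big);
    return keycode_accept(big, sizeof big, stored, sizeof stored);
}

int main(void)
{
    char stored[KEYCODE_MAX + 1];
    const char *sample = "ABCD-1234-EFGH"; /* constructed sample keycode */
    printf("sample: %d\n", keycode_accept(sample, strlen(sample), stored, sizeof stored));
    printf("6000 bytes: %d\n", check_oversized());
    return 0;
}
```

Capping the length on the input control itself is a useful second layer, but the check in the handling code is the one that matters because pasted or programmatic input can bypass UI limits.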

Impact

Exploitation of this vulnerability leads to a crash of the Leawo Prof. Media application, causing a denial-of-service condition where the application becomes unresponsive or unavailable.

Reproduction

To reproduce this vulnerability, create a text file named 'Evil.txt' containing 6000 bytes of repeated characters. After saving the file, open Leawo Prof. Media and navigate to the Activation Center. Copy the contents of 'Evil.txt' into the Keycode field and click 'Register'. The application will crash, demonstrating the denial-of-service vulnerability.

Added: Jan 16, 2026, 12:40 AM
Updated: Jan 16, 2026, 12:40 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.