← back
CVE-2018-25276

RoboImport 1.2.0.72 Denial of Service via Registration Fields

CVSS 6.8 MEDIUMEPSS 0.1%CWE-120
RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byte buffer into the Registration Name and Registration Key fields and click Register to trigger an application crash.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected products
Picajet · RoboImport
public PoCs found1
cve_referencewww.exploit-db.com/exploits/45382unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/45382https://www.vulncheck.com/advisories/roboimport-denial-of-service-via-registration-fieldshttp://www.picajet.com/download/RoboImportInstall.exe