← back
CVE-2020-37188

SpotOutlook 1.2.6 - 'Name' Denial of Service

CVSS 4.6 MEDIUMEPSS 0.4%CWE-120
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected products
Nsasoft · Nsauditor SpotOutlook

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/47906https://www.vulncheck.com/advisories/spotoutlook-name-denial-of-servicehttp://www.nsauditor.com/