CVE-2018-25274
MEDIUMInfraRecorder 0.53 Denial of Service via txt File Import
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2018-25274. PoCs published by Gionathan Reale.
AI-analyzed exploit summary This Python script generates a malicious '.txt' file containing a large buffer of 'A' characters (6000 bytes) to trigger a Denial of Service (DoS) in InfraRecorder 0.53 when imported via the 'Edit' > 'Import' functionality. The exploit leverages a buffer overflow vulnerability to crash the application.
Description
InfraRecorder 0.53 contains a denial of service vulnerability that allows local attackers to crash the application by importing a maliciously crafted text file. Attackers can create a text file containing 6000 bytes of data and import it through the Edit menu's Import function to trigger an application crash.
Exploits (1)
This Python script generates a malicious '.txt' file containing a large buffer of 'A' characters (6000 bytes) to trigger a Denial of Service (DoS) in InfraRecorder 0.53 when imported via the 'Edit' > 'Import' functionality. The exploit leverages a buffer overflow vulnerability to crash the application.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H