CVE-2018-25378
MEDIUMNotebook Pro 2.0 Denial of Service via Notebook Name Field
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2018-25378. PoCs published by Ali Alipour.
AI-analyzed exploit summary This Python script generates a malicious payload to trigger a Denial of Service (DoS) in Notebook Pro 2.0 by overwriting a buffer with 500 'A' characters. The exploit creates a file named 'Notebook.txt' which, when pasted into the application's 'New Notebook Name' field, causes the software to crash.
Description
Notebook Pro 2.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the notebook name field. Attackers can create a malicious text file containing 500 or more characters, paste the content into the New Notebook Name field, and trigger an application crash when attempting to create and save the notebook.
Exploits (1)
This Python script generates a malicious payload to trigger a Denial of Service (DoS) in Notebook Pro 2.0 by overwriting a buffer with 500 'A' characters. The exploit creates a file named 'Notebook.txt' which, when pasted into the application's 'New Notebook Name' field, causes the software to crash.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H