CVE-2020-37188

HIGH

SpotOutlook 1.2.6 - Denial of Service via Registration Name Input Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37188. PoCs published by Ismail Tasdelen.

AI-analyzed exploit summary This PoC exploits a buffer overflow vulnerability in SpotOutlook 1.2.6 by writing a large payload of 'A' characters to a file, which when pasted into the 'Name' field during registration, causes the application to crash. The exploit demonstrates a Denial of Service (DoS) condition.

Description

SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ismail Tasdelen · pythondoswindows
https://www.exploit-db.com/exploits/47906

This PoC exploits a buffer overflow vulnerability in SpotOutlook 1.2.6 by writing a large payload of 'A' characters to a file, which when pasted into the 'Name' field during registration, causes the application to crash. The exploit demonstrates a Denial of Service (DoS) condition.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: SpotOutlook 1.2.6
No auth needed
Prerequisites: SpotOutlook 1.2.6 installed on Windows 10 · Python to generate the payload file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/47906
Various Sources product
http://www.nsauditor.com/

Scores

CVSS v3 7.5
EPSS 0.0039
EPSS Percentile 31.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-120
Status published
Published Feb 11, 2026
Tracked Since Feb 18, 2026