CVE-2020-37203
Denial of Service in Office Product Key Finder via Registration Code Input
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nsauditor | office_product_key_finder | to 1.5.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "CVE-2020-37203 is a denial of service (DoS) vulnerability in Office Product Key Finder version 1.5.4. It occurs when an attacker manipulates the registration code input by creating a specially crafted text file and pasting its contents into the 'Name and Key' field of the application. This causes the application to crash."}, {'type': 'paragraph', 'content': 'The root cause is a buffer overflow (CWE-120) due to the application copying data without checking the input size, leading to the crash.'}] [2, 1]
How can this vulnerability impact me? :
This vulnerability can impact you by causing the Office Product Key Finder application to crash, resulting in a denial of service. An attacker with local access and the ability to interact with the user interface can trigger this crash by pasting a maliciously crafted registration code.
The impact is limited to availability disruption of the application, with no direct impact on confidentiality or integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the Office Product Key Finder 1.5.4 application.'}, {'type': 'paragraph', 'content': "A proof-of-concept exploit involves creating a specially crafted text file containing a large buffer of repeated 'A' characters with a single 't' character near the end."}, {'type': 'paragraph', 'content': 'The detection steps are as follows:'}, {'type': 'list_item', 'content': 'Create a text file (e.g., CRASHER.txt) with the crafted input buffer.'}, {'type': 'list_item', 'content': 'Open Office Product Key Finder and navigate to the "Register" tab.'}, {'type': 'list_item', 'content': 'Select "Enter Registration Code" and paste the contents of the crafted text file into the "Name and Key" field.'}, {'type': 'list_item', 'content': 'Click "OK" and observe if the application crashes, indicating the presence of the vulnerability.'}, {'type': 'paragraph', 'content': "A Python script can be used to generate the crafted input file by writing a large buffer of 'A' characters with a 't' near the end."}] [1, 2]
What immediate steps should I take to mitigate this vulnerability?
I don't know