CVE-2020-37203
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service in Office Product Key Finder via Registration Code Input

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: VulnCheck

Description
Office Product Key Finder 1.5.4 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the registration code input. Attackers can create a specially crafted text file and paste it into the 'Name and Key' field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-12
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37203
EUVD
EUVD-2020-31185
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsauditor office_product_key_finder to 1.5.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37203 is a denial of service (DoS) vulnerability in Office Product Key Finder version 1.5.4. It occurs when an attacker manipulates the registration code input by creating a specially crafted text file and pasting its contents into the 'Name and Key' field of the application. This causes the application to crash."}, {'type': 'paragraph', 'content': 'The root cause is a buffer overflow (CWE-120) due to the application copying data without checking the input size, leading to the crash.'}] [2, 1]

Impact Analysis

This vulnerability can impact you by causing the Office Product Key Finder application to crash, resulting in a denial of service. An attacker with local access and the ability to interact with the user interface can trigger this crash by pasting a maliciously crafted registration code.

The impact is limited to availability disruption of the application, with no direct impact on confidentiality or integrity.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on the Office Product Key Finder 1.5.4 application.'}, {'type': 'paragraph', 'content': "A proof-of-concept exploit involves creating a specially crafted text file containing a large buffer of repeated 'A' characters with a single 't' character near the end."}, {'type': 'paragraph', 'content': 'The detection steps are as follows:'}, {'type': 'list_item', 'content': 'Create a text file (e.g., CRASHER.txt) with the crafted input buffer.'}, {'type': 'list_item', 'content': 'Open Office Product Key Finder and navigate to the "Register" tab.'}, {'type': 'list_item', 'content': 'Select "Enter Registration Code" and paste the contents of the crafted text file into the "Name and Key" field.'}, {'type': 'list_item', 'content': 'Click "OK" and observe if the application crashes, indicating the presence of the vulnerability.'}, {'type': 'paragraph', 'content': "A Python script can be used to generate the crafted input file by writing a large buffer of 'A' characters with a 't' near the end."}] [1, 2]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37203. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart