CVE-2020-37212
Awaiting Analysis Awaiting Analysis - Queue
Denial of Service via Name Field Overflow in SpotMSN

Publication date: 2026-02-11

Last updated on: 2026-02-26

Assigner: VulnCheck

Description
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-02-26
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-15
NVD
CVE-2020-37212
EUVD
EUVD-2020-31171
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nsasoft spotmsn to 2.4.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-120 The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2020-37212 is a denial of service (DoS) vulnerability in SpotMSN version 2.4.6 that occurs in the registration process. Specifically, the vulnerability arises from a buffer overflow in the 'Name' input field, where the application does not properly validate the length of the input."}, {'type': 'paragraph', 'content': "An attacker can exploit this by entering a specially crafted payload of about 1000 characters into the 'Name' field during registration, which causes the application to crash and become unavailable."}] [1, 2]

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability can impact you by causing the SpotMSN application to crash, resulting in a denial of service condition.'}, {'type': 'paragraph', 'content': "An attacker with local access and the ability to interact with the user interface can trigger this crash by inputting a long payload into the 'Name' field during registration, making the application unstable or unusable."}, {'type': 'paragraph', 'content': 'This can disrupt normal operations and availability of the software, potentially affecting productivity or service continuity.'}] [1, 2]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to reproduce the denial of service condition on SpotMSN 2.4.6 running on Windows 10.'}, {'type': 'paragraph', 'content': "A proof-of-concept method involves generating a payload of 1000 'A' characters and pasting it into the 'Name' input field during the registration process."}, {'type': 'list_item', 'content': "Run a Python script to create a file named 'poc.txt' containing 1000 'A' characters."}, {'type': 'list_item', 'content': 'Open SpotMSN, navigate to Register -> Enter Registration Code.'}, {'type': 'list_item', 'content': "Copy the contents of 'poc.txt' and paste it into the 'Name' field."}, {'type': 'list_item', 'content': "Click 'Ok' and observe if the application crashes, indicating the presence of the vulnerability."}] [1]

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-37212. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart