Description
SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application.
Published: 2026-03-11
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Update
AI Analysis

Impact

SpotIE Internet Explorer Password Recovery 2.9.5 includes a buffer overflow vulnerability (CWE-787) in the registration key input field. An attacker with local access can paste a 256‑character payload into the Key field during registration to trigger the overflow and crash the application, resulting in a denial‑of‑service condition. The crash limits the impact to application availability; it does not provide direct access to sensitive data or further code execution.

Affected Systems

Affected product: Nsauditor SpotIE Internet Explorer Password Recovery, version 2.9.5. The CNA supplies no additional version detail. The flaw is local: the attacker must run the application on the target machine or be able to manipulate the registration form in that environment.

Risk and Exploitability

The CVSS 4.0 score of 6.9 indicates a medium-severity vulnerability. EPSS is below 1%, reflecting a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. Attackers need local access, and the impact is confined to availability. The medium CVSS score together with the low EPSS suggests that the overall risk to systems is moderate and primarily limited to service disruption.

Generated by OpenCVE AI on March 17, 2026 at 15:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any vendor patch or update to SpotIE Internet Explorer Password Recovery that addresses the key field buffer overflow.
  • If no patch is available, restrict local access to the application or disable the registration feature to prevent exploitation.
  • Verify the fix by attempting to register with a 256‑character key to ensure the application no longer crashes.


Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Nsauditor; Nsauditor spotie Internet Explorer Password Recovery |
| Vendors & Products | | Nsauditor; Nsauditor spotie Internet Explorer Password Recovery |

Wed, 11 Mar 2026 20:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 11 Mar 2026 18:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application. |
| Title | | SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS |
| Weaknesses | | CWE-787 |
| References | | |
| Metrics | | cvssV3_1: {'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'} |


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-07T14:04:22.548Z

Reserved: 2026-02-22T14:03:36.017Z

Link: CVE-2019-25463

Vulnrichment

Updated: 2026-03-11T19:23:12.010Z

NVD

Status: Deferred

Published: 2026-03-11T19:15:59.260

Modified: 2026-04-15T14:56:45.970

Link: CVE-2019-25463

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T15:29:55Z
