10-Strike Network Inventory Explorer 8.54 Buffer Overflow SEH

## Vulnerability 10-Strike Network Inventory Explorer version 8.54 (and possibly the Pro edition) contains a stack-based buffer overflow vulnerability in the registration key input field [1][2][3]. The flaw resides in the code that processes the registration key entered through the Help menu's "Enter Registration Key" dialog [2]. By providing a crafted string of 4188 bytes of padding followed by SEH chain values and shellcode, the application's structured exception handler can be overwritten [2][3]. The vulnerability is classified as CWE-121 (Stack-based Buffer Overflow) [3].

Exploitation

An attacker must have local access to a machine running the vulnerable software and be able to interact with the graphical user interface [2][3]. The exploit does not require authentication or user interaction beyond pasting the crafted registration key [2][3]. The proof-of-concept steps are: under Help, click 'Enter Registration Key', paste the contents of a malicious file (e.g., Evil.txt) into the input field, and click OK [2]. The exploit relies on the lack of protection in modules such as sqlite3.dll, ssleay32.dll, and MSVCR71.dll [2].

Impact

Successful exploitation allows the attacker to execute arbitrary code with the privileges of the application [1][2][3]. The CVSS 4.0 severity is rated with high impact on confidentiality, integrity, and availability (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H) [3]. The proof-of-concept payload demonstrated a bind shell on TCP (port 4444) on a Windows 7 SP1 (x86) system [2].

Mitigation

As of the available references, no official patch or fixed version has been released by the vendor [2][3]. The vulnerability was disclosed to the vendor on June 2, 2018, and June 3, 2018, with no response [2]. The proof of concept was published on June 5, 2018 [2]. Users are advised to restrict local access to the application and treat unsolicited registration key inputs as potentially malicious until a patch is provided [2][3].