CVE-2020-37119

Nsauditor · Nsauditor (Network Security Auditor)

A buffer overflow in the Nsauditor DNS Lookup tool allows attackers to bypass ASLR and execute arbitrary shellcode via a crafted DNS query payload.

Executive summary

A critical buffer overflow vulnerability in Nsauditor allows remote attackers to execute arbitrary code and gain full control of the host system by exploiting the DNS Lookup tool.

Vulnerability

The DNS Lookup tool within Nsauditor fails to properly validate the size of incoming DNS query responses. This allows an attacker to send a malicious payload that triggers a three-byte overwrite, enabling the attacker to bypass Address Space Layout Randomization (ASLR) and execute arbitrary shellcode.
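The missing check described above is a length check on a response before it is copied into a fixed-size buffer. The following is an added illustration of that check, not Nsauditor's code and not a reconstruction of the affected routine: it rejects a response whose total length, label lengths or RDLENGTH fields do not fit the packet before any copy takes place. The function names, the 512-byte buffer size and the sample reply are assumptions constructed for the example.

```c
#include <stdint.h>
#include <string.h>

#define DNS_HEADER_LEN 12
#define DNS_MAX_UDP 512   /* classic UDP payload limit (RFC 1035), chosen for this example */
/* Advance *pos past one domain name; returns -1 if the name runs off the packet. */
static int dns_skip_name(const uint8_t *p, size_t n, size_t *pos) {
    for (size_t i = *pos; i < n; ) {
        uint8_t l = p[i];
        if (l == 0) { *pos = i + 1; return 0; }                     /* root label ends the name */
        if ((l & 0xC0) == 0xC0) { if (i + 2 > n) return -1; *pos = i + 2; return 0; } /* pointer */
        if (l > 63 || i + 1 + l > n) return -1;                      /* bad or truncated label */
        i += 1 + l;
    }
    return -1;
}
/* Validate a DNS response, then copy it into buf (buf_len bytes).
   Returns 0 on success, -1 if the packet must be rejected. */
int dns_reply_load(const uint8_t *pkt, size_t pkt_len, uint8_t *buf, size_t buf_len) {
    if (pkt_len < DNS_HEADER_LEN || pkt_len > buf_len) return -1;   /* size check before anything */
    if ((pkt[2] & 0x80) == 0) return -1;                            /* QR bit: must be a response */
    size_t qd = (size_t)pkt[4] << 8 | pkt[5];
    size_t rr = ((size_t)pkt[6] << 8 | pkt[7]) + ((size_t)pkt[8] << 8 | pkt[9])
              + ((size_t)pkt[10] << 8 | pkt[11]);                    /* AN + NS + AR counts */
    size_t pos = DNS_HEADER_LEN;
    for (size_t i = 0; i < qd; i++, pos += 4)                       /* question: name, QTYPE, QCLASS */
        if (dns_skip_name(pkt, pkt_len, &pos) || pos + 4 > pkt_len) return -1;
    for (size_t i = 0; i < rr; i++) {                               /* RR: name, 10 fixed bytes, RDATA */
        if (dns_skip_name(pkt, pkt_len, &pos) || pos + 10 > pkt_len) return -1;
        size_t rdlen = (size_t)pkt[pos + 8] << 8 | pkt[pos + 9];
        pos += 10;
        if (rdlen > pkt_len - pos) return -1;                        /* RDLENGTH exceeds the packet */
        pos += rdlen;
    }
    memcpy(buf, pkt, pkt_len);                                      /* only reached when bounded */
    return 0;
}

/* Constructed sample: reply for "a.b" with one A record (37 bytes). */
static const uint8_t sample_reply[37] = {
    0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,                      /* header: QR=1, 1 question, 1 answer */
    1,'a',1,'b',0, 0,1, 0,1,                                        /* question: a.b, type A, class IN */
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };                /* answer: RDLENGTH 4, 192.0.2.1 */
int demo_valid(void) { uint8_t b[DNS_MAX_UDP]; return dns_reply_load(sample_reply, 37, b, sizeof b); }
/* Same reply with RDLENGTH patched to 64 while only 4 RDATA bytes are present: must be rejected. */
int demo_bad_rdlength(void) {
    uint8_t p[37], b[DNS_MAX_UDP]; memcpy(p, sample_reply, 37); p[32] = 64;
    return dns_reply_load(p, 37, b, sizeof b);
}
```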

Business impact

Successful exploitation results in complete system compromise. Since Nsauditor is a security auditing tool often run with elevated privileges, an attacker gaining code execution could potentially compromise the entire network being audited. The CVSS score of 9.8 reflects the high probability of successful remote exploitation and total impact on confidentiality and integrity.

Remediation

Immediate Action: Update Nsauditor to the latest available version. If a patch is unavailable, discontinue use of the DNS Lookup tool within the application.

Proactive Monitoring: Monitor for unusual outbound DNS traffic or crashes of the Nsauditor process, which may indicate failed exploitation attempts.

Compensating Controls: Use network-level DNS filtering and ensure that the host running Nsauditor is isolated from untrusted networks.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The delay in disclosure increases the risk that legacy systems remain vulnerable. We recommend that security teams immediately identify any installations of Nsauditor and apply updates. Because this tool is used for security auditing, its compromise would be particularly damaging to the organization's overall security posture.