CVE-2020-37138

10-Strike Software · Network Inventory Explorer

A stack-based buffer overflow in the 10-Strike Network Inventory Explorer file import functionality allows remote attackers to execute arbitrary code via a malicious text file.

Executive summary

A critical stack-based buffer overflow in 10-Strike Network Inventory Explorer allows an attacker to execute arbitrary code by tricking a user into importing a malicious text file. The code runs with the privileges of the user who performed the import.

Vulnerability

The vulnerability exists in the file import feature. A crafted text file containing an over-length record overflows a fixed-size stack buffer, overwriting the saved return address. Because the stack is non-executable, the attacker redirects execution into a ROP chain built from existing code to bypass Data Execution Prevention (DEP) and then runs arbitrary code. A ROP chain needs gadgets at predictable addresses, so chains of this kind normally rely on a module loaded without ASLR or on an address leak; which of these applies to this product is not stated here. Exploitation requires a user to open the attacker's file in the application.
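The following C is an added illustration of the bug class, not 10-Strike's code: the record layout (hostname, IP and OS separated by tabs), the buffer size FIELD_MAX and every function name are assumptions. It shows the unchecked copy that produces a stack overflow on an over-long field, the hardened parser that rejects such a record instead of truncating it, and an importer that counts rejected records so hostile files remain visible in logs.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed size of the on-stack field buffer (not a real product value). */
#define FIELD_MAX 256

/* Vulnerable pattern (constructed for contrast, not the vendor's code):
 * the first field of a record is copied into a fixed-size stack buffer
 * without comparing its length against FIELD_MAX. A field longer than
 * FIELD_MAX-1 bytes overwrites the saved frame pointer and return address.
 * Do not call this on untrusted input. */
int parse_hostname_vulnerable(const char *record, size_t record_len)
{
    char hostname[FIELD_MAX];
    const char *tab = memchr(record, '\t', record_len);
    size_t len = tab ? (size_t)(tab - record) : record_len;

    memcpy(hostname, record, len);   /* BUG: len is never bounded */
    hostname[len] = '\0';
    return (int)strlen(hostname);
}

/* Hardened version: the caller supplies the destination and its size, and
 * an over-long or empty field is rejected outright rather than silently
 * truncated, so a malformed record cannot corrupt the stack and cannot
 * be mistaken for a valid asset either. Returns the field length or -1. */
int parse_hostname_safe(const char *record, size_t record_len,
                        char *out, size_t out_size)
{
    const char *tab = memchr(record, '\t', record_len);
    size_t len = tab ? (size_t)(tab - record) : record_len;

    if (out_size == 0 || len == 0 || len >= out_size)
        return -1;
    memcpy(out, record, len);
    out[len] = '\0';
    return (int)len;
}

/* Import a text file already held in memory; records are newline-separated.
 * Lines are handled as pointer+length, never copied into another fixed
 * buffer, so there is no second place for a length bug to hide. Returns the
 * number of accepted records; *rejected receives the number refused. */
int import_text(const char *data, size_t data_len, int *rejected)
{
    char hostname[FIELD_MAX];
    int accepted = 0;
    size_t pos = 0;

    *rejected = 0;
    while (pos < data_len) {
        const char *line = data + pos;
        const char *nl = memchr(line, '\n', data_len - pos);
        size_t line_len = nl ? (size_t)(nl - line) : data_len - pos;

        pos += line_len + (nl ? 1 : 0);
        if (line_len == 0)
            continue;                          /* skip blank lines */
        if (parse_hostname_safe(line, line_len, hostname, sizeof hostname) < 0)
            (*rejected)++;
        else
            accepted++;
    }
    return accepted;
}

/* Constructed sample import file: two well-formed records around one whose
 * hostname field is 400 bytes, longer than FIELD_MAX. Returns bytes written
 * or 0 if buf is too small. */
size_t build_sample(char *buf, size_t buf_size)
{
    static const char good1[] = "srv01\t10.0.0.5\tWindows 10\n";
    static const char tail[]  = "\t10.0.0.7\tUnknown\n";
    static const char good2[] = "srv02\t10.0.0.6\tLinux\n";
    size_t n = 0, i;

    if (buf_size < sizeof good1 + 400 + sizeof tail + sizeof good2)
        return 0;
    memcpy(buf + n, good1, sizeof good1 - 1); n += sizeof good1 - 1;
    for (i = 0; i < 400; i++)
        buf[n++] = 'A';
    memcpy(buf + n, tail, sizeof tail - 1);   n += sizeof tail - 1;
    memcpy(buf + n, good2, sizeof good2 - 1); n += sizeof good2 - 1;
    return n;
}

int main(void)
{
    char buf[1024];
    int rejected = 0;
    size_t n = build_sample(buf, sizeof buf);
    int accepted = import_text(buf, n, &rejected);

    printf("accepted=%d rejected=%d\n", accepted, rejected);
    return 0;
}
```

Rejecting rather than truncating matters: a truncating copy would keep the process alive but could let an attacker smuggle a record that parses differently from how it looks in the file.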

Business impact

Network Inventory Explorer is typically run by system administrators to track corporate assets, usually on a management workstation and often under an administrative account. Code execution inside the tool therefore gives the attacker that user's privileges on the workstation, exposing collected network topology data and any stored credentials and opening a path for lateral movement. The reported CVSS score of 9.8 reflects the severity of full code execution, even though the attack depends on a user importing the file.

Remediation

Immediate Action: Update 10-Strike Network Inventory Explorer to the latest version. Avoid importing files from untrusted or unknown sources until the update is applied.

Proactive Monitoring: Use Endpoint Detection and Response (EDR) tools to alert on the Network Inventory Explorer process spawning unexpected children (for example cmd.exe or powershell.exe), on new outbound connections from it, and on memory anomalies such as executable regions created at runtime.

Compensating Controls: Run the application under a non-administrative account with only the permissions it needs, and perform file imports in a sandboxed or isolated environment where possible, so that a successful overflow does not yield administrative control of the management workstation.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Because this tool is central to asset management, its security is paramount. We recommend an immediate update to the latest version provided by 10-Strike Software. Administrators should be cautioned against importing inventory data from any source that has not been strictly verified, as a malicious import file is the only attack vector described for this flaw.