Background: The software in question is a purpose-built mapping system designed originally for Windows XP, but is currently run without any major issues on Windows 10. It can be run locally or by logging into our servers through a built-in UI, but only from registered IP addresses. I do not know what language the software was written in (we think .NET); the devs/maintainers have long since left.
Problem: The software has an option to submit some data as a file or by filling it in a textbox. The issue is that the software hard crashes if someone provides too large a list in that textbox (roughly greater than 8200 lines). It also crashes if the data in the text file is large, but the limit there is much higher (seems to be around 750 MB).
It does not give any reason for the crash, but Windows Event Viewer says:
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FF7BBD6943E
The exception address is occasionally just zeroes and other times an actual memory address.
I’ve tried to get the error after launching the software from the terminal, but it still does not give any error message. The crash is the same whether the software is run locally or server-side.
I know that buffer overflows are a major point of vulnerability, but I’m not sure that is what is happening here, or if it is some sort of UI failure, or what.
Question: Should I be concerned about this as a major security issue?
I’m inclined to not be, considering this is a fairly obscure piece of software that is probably used by fewer than 10 people over the world, and probably all of them are in the same department. Plus, only people whose IPs are registered into the software can run it server-side. But I would appreciate some outside advice.
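
A triage helper for the Event Viewer lines quoted above, as an added example that is not part of the original post: it decodes the exception code and groups repeated crashes by fault address, which separates a native access violation (including the all-zero address case) from an unhandled managed .NET exception. Only the first sample record comes from the post; the other records and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Exception codes that commonly appear in Windows crash events.
CODES = {
    0xC0000005: ("STATUS_ACCESS_VIOLATION", "invalid memory access in native code"),
    0xC00000FD: ("STATUS_STACK_OVERFLOW", "thread stack exhausted"),
    0xC0000409: ("STATUS_STACK_BUFFER_OVERRUN", "fail-fast, e.g. stack cookie check"),
    0xC0000374: ("STATUS_HEAP_CORRUPTION", "heap metadata found corrupted"),
    0xE0434352: ("CLR_EXCEPTION", "unhandled managed (.NET) exception"),
}

# Matches the "Exception Info" line format quoted in the post.
INFO = re.compile(
    r"exception code\s+(?:0x)?([0-9a-f]{8}),\s*"
    r"exception address\s+(?:0x)?([0-9a-f]{8,16})", re.I)

def parse_event(text):
    """Return decoded fields for one event description, or None."""
    m = INFO.search(text)
    if m is None:
        return None
    code, addr = int(m.group(1), 16), int(m.group(2), 16)
    name, meaning = CODES.get(code, ("UNKNOWN", "not in this table"))
    return {"code": code, "name": name, "meaning": meaning,
            "address": addr, "null_address": addr == 0}

def summarize(events):
    """Count crashes per (exception name, fault address) pair."""
    counts = Counter()
    for parsed in filter(None, map(parse_event, events)):
        where = "NULL" if parsed["null_address"] else f"{parsed['address']:016X}"
        counts[(parsed["name"], where)] += 1
    return counts

SAMPLE_EVENTS = [
    # From the post:
    "Exception Info: exception code c0000005, exception address 00007FF7BBD6943E",
    # Constructed: same crash repeated, and the all-zero address the post mentions.
    "Exception Info: exception code c0000005, exception address 00007FF7BBD6943E",
    "Exception Info: exception code c0000005, exception address 0000000000000000",
    # Constructed: a managed exception, for contrast.
    "Exception Info: exception code e0434352, exception address 00007FFB12345678",
]

if __name__ == "__main__":
    for (name, where), n in summarize(SAMPLE_EVENTS).most_common():
        print(f"{n}x {name} at {where}")
```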