CVE-2010-5299

Name of the Vulnerable Software and Affected Versions MicroP version 0.1.1.1600

Description The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a crafted .mppl file. The overflow is reportedly related to the lpFileName parameter of the CreateFileA function, although it is likely caused by a separate, unnamed function.

Recommendations For MicroP version 0.1.1.1600, consider restricting access to the CreateFileA function or the unnamed function causing the overflow until a patch is available. Avoid using the lpFileName parameter with untrusted input in the affected function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.