PT-2018-10021 · Cncsoft+1 · Cncsoft+1
Natnael Samson +1
Published: 2018-08-13 · Updated: 2020-08-31
CVE-2018-10636
CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
CNCSoft versions 1.00.83 and prior
ScreenEditor versions 1.00.54 and prior
Description
The software has multiple stack-based buffer overflow issues due to inadequate user input validation before copying data from project files onto the stack. This could cause the software to crash and may allow an attacker to gain remote code execution with administrator privileges if exploited.
Recommendations
For CNCSoft versions 1.00.83 and prior, update to a version later than 1.00.83 to resolve the issue.
For ScreenEditor versions 1.00.54 and prior, update to a version later than 1.00.54 to resolve the issue.
As a temporary workaround, consider disabling the use of DPB files in the ScreenEditor until a patch is available.
Restrict access to the ScreenEditor to minimize the risk of exploitation.
Fix
Stack Overflow
Memory Corruption
Related identifiers
Affected products
Cncsoft
Screeneditor