PT-2018-6596 · Handy Password · Handy Password

Publicado

2018-01-10

Atualizado

2018-02-02

CVE-2017-17946

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Handy Password version 4.9.3

Description: A buffer overflow issue allows remote attackers to execute arbitrary code via a long Title name field in mail box data that is mishandled in an Open from mail box action.

Recommendations: For Handy Password version 4.9.3, consider avoiding the use of long Title name fields in mail box data until a patch is available. As a temporary workaround, restrict the handling of Open from mail box actions to minimize the risk of exploitation.

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

CVE-2017-17946

Produtos afetados

Handy Password

PT-2018-6596 · Handy Password · Handy Password

CVE-2017-17946

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4