PT-2018-9989 · Cncsoft · Cncsoft+1

Mat Powell · Published 2018-08-13 · Updated 2019-10-09 · CVE-2018-10598

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: CNCSoft versions 1.00.83 and prior; CNCSoft ScreenEditor versions 1.00.54 and prior
Description: The issue consists of two out-of-bounds read vulnerabilities that could cause the software to crash because user input is not validated when project files are processed. If exploited, this may allow an attacker to gain remote code execution with administrator privileges.
Recommendations: For CNCSoft versions 1.00.83 and prior, update to a version that includes input validation for project files to prevent out-of-bounds read vulnerabilities. For CNCSoft ScreenEditor versions 1.00.54 and prior, restrict access to project files until a patch is available that addresses the out-of-bounds read vulnerabilities.

Fix

Out-of-bounds Read

Weakness Enumeration

Related Identifiers

CVE-2018-10598
ZDI-18-987
ZDI-18-988

Affected Products

Cncsoft
Cncsoft Screeneditor