CVE-2019-10951

Name of the Vulnerable Software and Affected Versions Delta Industrial Automation CNCSoft ScreenEditor version 1.00.88 and prior

Description The issue is related to multiple heap-based buffer overflow vulnerabilities that can be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This is due to a lack of user input validation before copying data from project files onto the heap.

Recommendations For Delta Industrial Automation CNCSoft ScreenEditor version 1.00.88 and prior, update to a version that addresses the heap-based buffer overflow vulnerabilities to prevent remote code execution. As a temporary workaround, consider restricting the processing of project files from untrusted sources to minimize the risk of exploitation.