PT-2017-16415 · Rapid7 · Rapid7 Appspider Pro

Published

2017-05-03

Updated

2017-05-16

CVE-2017-5240

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Rapid7 AppSpider Pro versions prior to 6.14.060

Description The issue is related to a heap-based buffer overflow in the FLAnalyzer.exe component. This can be triggered by a malicious or malformed Flash source file, leading to a denial of service condition where the application crashes.

Recommendations For versions prior to 6.14.060, update to version 6.14.060 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of Flash source files by the FLAnalyzer.exe component until the update is applied.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2017-5240

Affected Products

Rapid7 Appspider Pro

PT-2017-16415 · Rapid7 · Rapid7 Appspider Pro

CVE-2017-5240

Weakness Enumeration

Related Identifiers

Affected Products

References · 3