PT-2018-14018 · Zahir · Zahir Accounting Enterprise Plus

F3Ci

Published

2018-10-03

Updated

2020-08-24

CVE-2018-17408

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Zahir Accounting Enterprise Plus versions 6 through 10b

Description The issue allows remote attackers to execute arbitrary code via a crafted CSV file that is accessed through the Import CSV File menu. This is due to stack-based buffer overflows.

Recommendations For versions 6 through 10b, consider avoiding the use of the Import CSV File menu until a fix is available, and restrict access to this feature to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2018-17408

Affected Products

Zahir Accounting Enterprise Plus

PT-2018-14018 · Zahir · Zahir Accounting Enterprise Plus

CVE-2018-17408

Weakness Enumeration

Related Identifiers

Affected Products

References · 6