PT-2018-9989 · Cncsoft · Cncsoft+1

Mat Powell · Published 2018-08-13 · Updated 2019-10-09 · CVE-2018-10598

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions: CNCSoft versions 1.00.83 and prior; CNCSoft ScreenEditor versions 1.00.54 and prior
Description: Two out-of-bounds read vulnerabilities, caused by a lack of user input validation when processing project files, could cause the software to crash. If exploited, this may allow an attacker to gain remote code execution with administrator privileges.
Recommendations: For CNCSoft versions 1.00.83 and prior, update to a version that includes input validation for project files to prevent out-of-bounds read vulnerabilities. For CNCSoft ScreenEditor versions 1.00.54 and prior, restrict access to project files until a patch is available that addresses the out-of-bounds read vulnerabilities.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2018-10598
ZDI-18-987
ZDI-18-988

Affected Products

Cncsoft
Cncsoft Screeneditor