PT-2019-12852 · Sweetscape · 010 Editor
Published
2019-06-05
·
Updated
2020-08-24
·
CVE-2019-12554
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SweetScape 010 Editor version 9.0.1
Description
The issue arises from improper validation of arguments in the internal implementation of the
WSubStr function, which is provided by the scripting engine. This allows an attacker to cause a denial of service by crashing the application.Recommendations
For SweetScape 010 Editor version 9.0.1, consider disabling the
WSubStr function as a temporary workaround until a patch is available.Exploit
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
010 Editor