PT-2019-15086 · Clipsoft · Clipsoft Rexpert

Published

2019-10-30

Updated

2019-11-01

CVE-2019-17323

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ClipSoft REXPERT versions 1.0.0.527 and earlier

Description The issue allows for arbitrary file creation and execution through the report print function of the rexpert viewer by using a modified XML document. User interaction is required, where the target must visit a malicious web page to exploit this issue.

Recommendations For ClipSoft REXPERT versions 1.0.0.527 and earlier, consider disabling the report print function of the rexpert viewer until a fix is available to prevent arbitrary file creation and execution. Restrict access to modified XML documents to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

CVE-2019-17323

Affected Products

Clipsoft Rexpert

PT-2019-15086 · Clipsoft · Clipsoft Rexpert

CVE-2019-17323

Weakness Enumeration

Related Identifiers

Affected Products

References · 3