CVE-2020-11614

Name of the Vulnerable Software and Affected Versions Mids' Reborn Hero Designer version 2.6.0.7

Description The issue concerns the application's update process, where it downloads update manifests and files over cleartext HTTP. Furthermore, the application lacks file integrity validation for downloaded files. This setup allows an attacker to perform a man-in-the-middle attack, replacing executable files with malicious versions. As a result, the operating system executes these malicious files under the context of the user running the application.

Recommendations For version 2.6.0.7, consider restricting the application's ability to download updates over cleartext HTTP until a secure update mechanism is implemented. As a temporary workaround, users should be cautious when updating the application and ensure they are using a trusted network connection to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.