CVE-2020-7552

Name of the Vulnerable Software and Affected Versions IGSS Definition (Def.exe) version 14.0.0.20247

Description A vulnerability exists in IGSS Definition that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported. This issue is related to improper restriction of operations within the bounds of a memory buffer, which can lead to an out-of-bounds write.

Recommendations For version 14.0.0.20247, consider restricting the import of CGF files from untrusted sources until a patch is available. As a temporary workaround, avoid using the Def.exe to import CGF files that may be malicious. At the moment, there is no information about a newer version that contains a fix for this vulnerability.