CVE-2020-7837

Name of the Vulnerable Software and Affected Versions Infraware ML Report version 2.19.312.0000

Description An issue was discovered in the ML Report Program, where a stack-based buffer overflow occurs in the function sub 41EAF0 at MLReportDeamon.exe. This happens because the function calls vsprintf without checking the length of strings in parameters given by an attacker, leading to a stack-based buffer overflow via access to a crafted web page.

Recommendations For Infraware ML Report version 2.19.312.0000, consider disabling the sub 41EAF0 function in MLReportDeamon.exe as a temporary workaround until a patch is available. Restrict access to crafted web pages to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.