CVE-2020-7558

Name of the Vulnerable Software and Affected Versions IGSS Definition (Def.exe) version 14.0.0.20247

Description A CWE-787 Out-of-bounds Write issue exists in the IGSS Definition (Def.exe) that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported. This is related to a buffer overflow in memory, which can be exploited to execute arbitrary code.

Recommendations For version 14.0.0.20247, consider avoiding the import of CGF files from untrusted sources until a patch is available. As a temporary workaround, restrict the use of the CGF file parsing functionality in IGSS Definition to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.