CVE-2020-7550

Name of the Vulnerable Software and Affected Versions IGSS Definition (Def.exe) versions 14.0.0.20247 and prior

Description A memory buffer vulnerability exists that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported to IGSS Definition. The issue is related to improper restriction of operations within the bounds of a memory buffer, which may allow an attacker to execute arbitrary code.

Recommendations For versions 14.0.0.20247 and prior, consider restricting the import of CGF files from untrusted sources until a patch is available. As a temporary workaround, avoid using the Def.exe file to import CGF files that may be malicious. At the moment, there is no information about a newer version that contains a fix for this vulnerability.