PT-2020-6370 · Unknown · Igss Definition

Kimiya · Published 2020-11-19 · Updated 2021-02-01 · CVE-2020-7557

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

IGSS Definition (Def.exe) version 14.0.0.20247

Description

A CWE-125 Out-of-bounds Read issue exists in IGSS Definition that could cause Remote Code Execution when a malicious CGF (Configuration Group File) file is imported. The issue is an out-of-bounds read from a memory buffer, which can be exploited to execute arbitrary code.

Recommendations

For version 14.0.0.20247, to prevent potential Remote Code Execution, consider disabling the import of CGF files until a patch is available. Restrict access to the Def.exe file to minimize the risk of exploitation. Avoid importing malicious CGF files into the affected IGSS Definition. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2021-04325
CVE-2020-7557
ZDI-21-096

Affected Products

Igss Definition