PT-2021-5075 · Fatek · Winproladder

Xina1I · Published 2021-11-16 · Updated 2022-04-01 · CVE-2021-43556

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

FATEK WinProladder versions 3.30 24518 and prior

Description

The issue is related to a stack-based buffer overflow that occurs while processing project files, which may allow an attacker to execute arbitrary code. This can be exploited by an attacker to gain unauthorized access and control.

Recommendations

For versions 3.30 24518 and prior, consider avoiding the use of project files from untrusted sources until a patch is available. As a temporary workaround, restrict access to the project file processing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2021-05855
CVE-2021-43556
ZDI-22-029
ZDI-22-031
ZDI-22-032

Affected Products

Winproladder