CVE-2022-27579

Name of the Vulnerable Software and Affected Versions Flexi Soft Designer versions up to and including 1.9.4 SP1

Description A deserialization vulnerability in a .NET framework class used by Flexi Soft Designer allows an attacker to craft malicious project files. When such a malicious project file is opened or imported, it can execute arbitrary code with the privileges of the current user, compromising confidentiality, integrity, and availability. The attack requires a user to manually open a malicious project file.

Recommendations For versions up to and including 1.9.4 SP1, as a temporary workaround, consider avoiding the use of potentially malicious project files until a patch is available. Restrict access to untrusted project files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.