CVE-2022-3377

Name of the Vulnerable Software and Affected Versions Horner Automation's Cscape versions 9.90 SP 6 and prior

Description The issue arises from improper validation of user-supplied data. If a user opens a maliciously formed FNT file, an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.

Recommendations For versions 9.90 SP 6 and prior, avoid opening FNT files from untrusted sources until a patch is available. As a temporary workaround, consider restricting access to FNT files to minimize the risk of exploitation.