PT-2022-21870 · Horner Automation · Cscape
Michael Heinzl · Published 2022-10-27 · Updated 2022-10-31 · CVE-2022-3378
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Horner Automation's Cscape version 9.90 SP 7 and prior
Description
The issue arises from improper validation of user-supplied data. If a user opens a maliciously formed FNT file, an attacker could execute arbitrary code within the current process. This is achieved by accessing an uninitialized pointer, which leads to an out-of-bounds memory write.
Recommendations
For versions 9.90 SP 7 and prior, consider avoiding the use of FNT files from untrusted sources until a fix is available. As a temporary workaround, restrict the ability to open FNT files within the application to minimize the risk of exploitation.
Fix
Access of Uninitialized Pointer
Weakness Enumeration
Related Identifiers
Affected Products
Cscape