Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
References
Link | Resource |
---|---|
https://blog.spentera.com/2017/09/19/unicode-stack-based-buffer-overflow-on-cyberlink-labelprint-2-5/ | Exploit Technical Description Third Party Advisory |
https://www.exploit-db.com/exploits/42777/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45985/ | |
https://blog.spentera.com/2017/09/19/unicode-stack-based-buffer-overflow-on-cyberlink-labelprint-2-5/ | Exploit Technical Description Third Party Advisory |
https://www.exploit-db.com/exploits/42777/ | Exploit Third Party Advisory VDB Entry |
https://www.exploit-db.com/exploits/45985/ |
Configurations
History
21 Nov 2024, 03:13
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.spentera.com/2017/09/19/unicode-stack-based-buffer-overflow-on-cyberlink-labelprint-2-5/ - Exploit, Technical Description, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/42777/ - Exploit, Third Party Advisory, VDB Entry | |
References | () https://www.exploit-db.com/exploits/45985/ - |
Information
Published : 2017-09-23 20:29
Updated : 2024-11-21 03:13
NVD link : CVE-2017-14627
Mitre link : CVE-2017-14627
CVE.ORG link : CVE-2017-14627
JSON object : View
Products Affected
cyberlink
- labelprint
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer