CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/105032 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 | Mitigation Third Party Advisory US Government Resource |
http://www.securityfocus.com/bid/105032 | Third Party Advisory VDB Entry |
https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:41
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/105032 - Third Party Advisory, VDB Entry | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 - Mitigation, Third Party Advisory, US Government Resource |
Information
Published : 2018-08-13 21:47
Updated : 2024-11-21 03:41
NVD link : CVE-2018-10636
Mitre link : CVE-2018-10636
CVE.ORG link : CVE-2018-10636
JSON object : View
Products Affected
deltaww
- cncsoft
- screeneditor