CVE-2020-13579

{"id": "CVE-2020-13579", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2021-02-04T07:15:12.900", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1190", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "talos-cna@cisco.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021\u2019s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de desbordamiento de enteros explotable en la funcionalidad de an\u00e1lisis de documentos de PlanMaker de la aplicaci\u00f3n PlanMaker de SoftMaker Office 2021. Un documento especialmente dise\u00f1ado puede causar que el analizador de documentos lleve a cabo operaciones aritm\u00e9ticas que pueden desbordarse, lo que puede resultar en una asignaci\u00f3n de la pila de tama\u00f1o insuficiente. M\u00e1s tarde, al copiar datos del archivo a esta asignaci\u00f3n, ocurrir\u00e1 un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria que puede corromper la memoria. Estos tipos de corrupci\u00f3n de la memoria pueden permitir una ejecuci\u00f3n de c\u00f3digo en el contexto de la aplicaci\u00f3n. Un atacante puede atraer a la v\u00edctima para que abra un documento para activar esta vulnerabilidad"}], "lastModified": "2022-06-07T18:38:05.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softmaker:planmaker_2021:1014:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80D7705E-C127-4043-BC09-31346F8AD532"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}