exploitDog

CVE-2019-12553

Опубликовано: 05 июн. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.

Ссылки

https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt
Exploit
Third Party Advisory
https://www.sweetscape.com/010editor/release_notes.html
Release Notes
Vendor Advisory
https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt
Exploit
Third Party Advisory
https://www.sweetscape.com/010editor/release_notes.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sweetscape:010_editor:9.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01803

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787

Связанные уязвимости

GHSA-8hh3-r6wp-g4g8

github

больше 3 лет назад

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.

EPSS

Процентиль: 82%

0.01803

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-787