Описание
Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одновременно
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file.
Уязвимость настольной издательской системы Adobe Framemaker, вызванная переполнением буфера на стеке, позволяющая нарушителю выполнить произвольный код
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2