Описание
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:estsoft:alyac:2.5.8.544:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00098
Низкий
7.3 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-680
CWE-190
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
EPSS
Процентиль: 27%
0.00098
Низкий
7.3 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-680
CWE-190