SB2017070516 - Multiple vulnerabilities in STDUtility STDU Viewer

Description

This security bulletin contains information about 68 vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2017-14688)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."

2) Buffer overflow (CVE-ID: CVE-2017-14689)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000328e."

3) Buffer overflow (CVE-ID: CVE-2017-14690)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7."

4) Buffer overflow (CVE-ID: CVE-2017-14691)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_773a0000!RtlAddAccessAllowedAce+0x000000000000027a."

5) Buffer overflow (CVE-ID: CVE-2017-14692)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."

6) Buffer overflow (CVE-ID: CVE-2017-14561)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638."

7) Buffer overflow (CVE-ID: CVE-2017-14562)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

8) Buffer overflow (CVE-ID: CVE-2017-14563)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311."

9) Buffer overflow (CVE-ID: CVE-2017-14564)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000028657."

10) Buffer overflow (CVE-ID: CVE-2017-14565)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000038f2fbf called from image00000000_00400000+0x0000000000240065."

11) Buffer overflow (CVE-ID: CVE-2017-14566)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from Unknown Symbol @ 0x0000000000049d2c."

12) Buffer overflow (CVE-ID: CVE-2017-14567)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b."

13) Buffer overflow (CVE-ID: CVE-2017-14568)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x000000000297024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025630."

14) Buffer overflow (CVE-ID: CVE-2017-14569)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Read Access Violation starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd5."

15) Buffer overflow (CVE-ID: CVE-2017-14570)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."

16) Buffer overflow (CVE-ID: CVE-2017-14571)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0x0000000000025706."

17) Buffer overflow (CVE-ID: CVE-2017-14572)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x000000000479049b called from Unknown Symbol @ 0x000000000d89645b."

18) Buffer overflow (CVE-ID: CVE-2017-14573)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566a."

19) Buffer overflow (CVE-ID: CVE-2017-14574)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV starting at Unknown Symbol @ 0x0000000004940490."

20) Buffer overflow (CVE-ID: CVE-2017-14575)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c called from STDUXPSFile!DllUnregisterServer+0x000000000002566c."

21) Buffer overflow (CVE-ID: CVE-2017-14576)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to a "Possible Stack Corruption starting at Unknown Symbol @ 0x00000000049f0281."

22) Buffer overflow (CVE-ID: CVE-2017-14577)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Control Flow starting at Unknown Symbol @ 0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d."

23) Buffer overflow (CVE-ID: CVE-2017-14579)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000005b70."

24) Buffer overflow (CVE-ID: CVE-2017-14542)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .epub file, related to a "Read Access Violation on Block Data Move starting at STDUEPubFile!DllUnregisterServer+0x0000000000010262."

25) Buffer overflow (CVE-ID: CVE-2017-14543)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000039335."

26) Buffer overflow (CVE-ID: CVE-2017-14544)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUEPubFile!DllUnregisterServer+0x000000000003fff1."

27) Buffer overflow (CVE-ID: CVE-2017-14545)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to "Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332."

28) Buffer overflow (CVE-ID: CVE-2017-14546)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to an "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

29) Buffer overflow (CVE-ID: CVE-2017-14547)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .mobi file, related to a "Read Access Violation starting at STDUMOBIFile!DllUnregisterServer+0x000000000002efc0."

30) Buffer overflow (CVE-ID: CVE-2017-14548)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d."

31) Buffer overflow (CVE-ID: CVE-2017-14549)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

32) Buffer overflow (CVE-ID: CVE-2017-14550)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8."

33) Buffer overflow (CVE-ID: CVE-2017-14551)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9f2."

34) Buffer overflow (CVE-ID: CVE-2017-14552)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d9a9."

35) Buffer overflow (CVE-ID: CVE-2017-14553)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x00000000000085f5."

36) Buffer overflow (CVE-ID: CVE-2017-14554)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d908."

37) Buffer overflow (CVE-ID: CVE-2017-14555)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjVuFile!DllUnregisterServer+0x000000000000ec6e."

38) Buffer overflow (CVE-ID: CVE-2017-14556)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000da27."

39) Buffer overflow (CVE-ID: CVE-2017-14557)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000dd3f."

40) Buffer overflow (CVE-ID: CVE-2017-14558)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2."

41) Buffer overflow (CVE-ID: CVE-2017-14559)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005af2."

42) Buffer overflow (CVE-ID: CVE-2017-14560)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x0000000000005bd2."

43) Buffer overflow (CVE-ID: CVE-2017-14292)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000570e."

44) Buffer overflow (CVE-ID: CVE-2017-14293)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64LdrpInitialize+0x00000000000008e1."

45) Buffer overflow (CVE-ID: CVE-2017-14294)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000566e."

46) Buffer overflow (CVE-ID: CVE-2017-14295)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9."

47) Buffer overflow (CVE-ID: CVE-2017-14296)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e6."

48) Buffer overflow (CVE-ID: CVE-2017-14297)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35."

49) Buffer overflow (CVE-ID: CVE-2017-14298)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8."

50) Buffer overflow (CVE-ID: CVE-2017-14299)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x000000000000384b."

51) Buffer overflow (CVE-ID: CVE-2017-14300)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x0000000000004479."

52) Buffer overflow (CVE-ID: CVE-2017-14301)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d3."

53) Buffer overflow (CVE-ID: CVE-2017-14302)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllGetClassObject+0x00000000000064d7."

54) Buffer overflow (CVE-ID: CVE-2017-14303)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x0000000000003047."

55) Buffer overflow (CVE-ID: CVE-2017-14304)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllGetClassObject+0x00000000000043e0."

56) Buffer overflow (CVE-ID: CVE-2017-14305)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x0000000000005578."

57) Buffer overflow (CVE-ID: CVE-2017-14306)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006e10."

58) Buffer overflow (CVE-ID: CVE-2017-14307)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77400000!TpAllocCleanupGroup+0x0000000000000402."

59) Buffer overflow (CVE-ID: CVE-2017-14308)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd."

60) Buffer overflow (CVE-ID: CVE-2017-14309)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8."

61) Buffer overflow (CVE-ID: CVE-2017-14310)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869."

62) Buffer overflow (CVE-ID: CVE-2017-14286)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x000000000000cb8c."

63) Buffer overflow (CVE-ID: CVE-2017-14287)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "Read Access Violation on Control Flow starting at STDUJBIG2File+0x00000000000015eb."

64) Buffer overflow (CVE-ID: CVE-2017-14288)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x0000000000002ff7."

65) Buffer overflow (CVE-ID: CVE-2017-14289)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000303e."

66) Buffer overflow (CVE-ID: CVE-2017-14290)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

67) Buffer overflow (CVE-ID: CVE-2017-14291)

The vulnerability allows a local authenticated user to execute arbitrary code.

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllUnregisterServer+0x00000000000076d8."

68) Buffer overflow (CVE-ID: CVE-2017-8387)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ commands.

Remediation

Install update from vendor's website.

References

• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14688
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14689
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14690
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14691
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14692
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14561
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14562
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14563
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14564
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14565
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14566
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14567
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14568
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14569
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14570
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14571
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14572
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14573
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14574
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14575
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14576
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14577
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14579
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14542
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14543
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14544
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14545
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14546
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14547
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14548
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14549
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14550
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14551
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14552
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14553
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14554
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14555
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14556
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14557
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14559
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14560
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14292
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14293
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14294
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14295
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14296
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14297
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14298
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14299
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14300
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14301
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14302
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14303
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14304
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14305
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14306
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14307
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14308
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14309
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14310
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14286
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14287
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14288
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14289
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14290
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14291
• https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8387