Remote code execution in libmspack
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-18584 |
| CWE-ID | CWE-787 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
libmspack Universal components / Libraries / Libraries used by multiple products |
| Vendor | Stuart Caie |
Security Bulletin
This security bulletin contains one high risk vulnerability.
1) Out-of-bounds write
EUVDB-ID: #VU15530
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-18584
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the mspack/cab.h source code file due to Microsoft cabinet file (CAB) with a Quantum-compressed block of exactly 38,912 B will write 1 B beyond the end of the input buffer. when handling malicious input. A remote unauthenticated attacker can trick the victim into accessing of a CAB file that submits malicious input to the targeted system, trigger an out-of-bounds write condition and cause the application to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 0.8alpha.
libmspack: 0.3 - 0.7
CPE2.3- cpe:2.3:a:stuart_caie:libmspack:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:stuart_caie:libmspack:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:stuart_caie:libmspack:0.5:*:*:*:*:*:*:*
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
