SB2018113005 - Multiple vulnerabilities in INVT Electric VT-Designer

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018113005

SB2018113005 - Multiple vulnerabilities in INVT Electric VT-Designer

Published: November 30, 2018

Security Bulletin ID SB2018113005
Severity
High
Patch available
NO
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Deserialization of untrusted data (CVE-ID: CVE-2018-18987)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to the program populates objects with user supplied input via a file without first checking for validity. A remote unauthenticated attacker can supply specially crafted input to be written to known memory locations and cause the program crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


2) Heap-based buffer overflow (CVE-ID: CVE-2018-18983)

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to the program reads the contents of a file (which is already in memory) into another heap-based buffer. A remote unauthenticated attacker can supply specially crafted input, trigger heap-based buffer overflow and cause the program crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References