Main Vulnerability Database SB2019072220

SB2019072220 - Input validation error in 010 Editor

Published: July 22, 2019 Updated: July 25, 2019

Security Bulletin ID SB2019072220

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2019-12551)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper validation of arguments in the internal implementation of the "Memcpy" function. A local attacker can overwrite arbitrary memory, and execute code on the target system.

Remediation

Install update from vendor's website.

References

https://ereisr00.github.io/
https://github.com/ereisr00/bagofbugz/blob/master/010Editor
https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm