Main Vulnerability Database Vulnerabilities #VU14153

Stack-based buffer overflow in WECON LeviStudioU - CVE-2018-10602

Published: July 31, 2018 / Updated: August 1, 2018

Vulnerability identifier: #VU14153

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10602

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WECON Technology Co., Ltd.

Affected software:
WECON LeviStudioU

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow when handling malicious input. A remote unauthenticated attacker can supply specially crafted project files, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-10602

Update the affected software to the latest version.

Sources

http://www.isssource.com/wecon-mitigation-for-levistudiou-holes/

Stack-based buffer overflow in WECON LeviStudioU - CVE-2018-10602

Detailed vulnerability description

How to mitigate CVE-2018-10602

Sources

Please verify you're human