Main Vulnerability Database Vulnerabilities #VU14154

Heap-based buffer overflow in WECON LeviStudioU - CVE-2018-10606

Published: August 1, 2018

Vulnerability identifier: #VU14154

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-10606

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WECON Technology Co., Ltd.

Affected software:
WECON LeviStudioU

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to heap-based buffer overflow when handling malicious input. A remote unauthenticated attacker can supply specially crafted project files, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-10606

Update the affected software to the latest version.

Sources

http://www.isssource.com/wecon-mitigation-for-levistudiou-holes/

Heap-based buffer overflow in WECON LeviStudioU - CVE-2018-10606

Detailed vulnerability description

How to mitigate CVE-2018-10606

Sources

Please verify you're human