Main Vulnerability Database Vulnerabilities #VU35850

Input validation error in 010 Editor - CVE-2019-12553

Published: June 5, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35850

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-12553

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: SweetScape Software Inc.

Affected software:
010 Editor

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.

How to mitigate CVE-2019-12553

Install update from vendor's website.

Sources

https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt
https://www.sweetscape.com/010editor/release_notes.html

Input validation error in 010 Editor - CVE-2019-12553

Detailed vulnerability description

How to mitigate CVE-2019-12553

Sources

Please verify you're human