#VU15530 Out-of-bounds write in libmspack
Vulnerability identifier: #VU15530
Vulnerability risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-787
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
libmspack
Universal components / Libraries /
Libraries used by multiple products
Vendor: Stuart Caie
Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the mspack/cab.h source code file due to Microsoft cabinet file (CAB) with a Quantum-compressed block of exactly 38,912 B will write 1 B beyond the end of the input buffer. when handling malicious input. A remote unauthenticated attacker can trick the victim into accessing of a CAB file that submits malicious input to the targeted system, trigger an out-of-bounds write condition and cause the application to crash or execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Mitigation
Update to version 0.8alpha.
Vulnerable software versions
libmspack: 0.3 - 0.7
External links
http://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
