Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10636

CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.

Published

2018-08-13T21:47:59.167

Last Modified

2024-11-21T03:41:42.633

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-121
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	deltaww	cncsoft	≤ 1.00.83	Yes
Application	deltaww	screeneditor	1.00.54	Yes

References

http://www.securityfocus.com/bid/105032 Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 Mitigation, Third Party Advisory, US Government Resource ([email protected])
http://www.securityfocus.com/bid/105032 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01 Mitigation, Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)