← Back

CVE-2022-27648

nvd nist
Published: Mar 29, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of KOYO Screen Creator 0.1.1.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCA2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14868.

Affected (5)

Jtekt
1 product
Screen Creator Advance 2
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Jtekt
Screen Creator Advance 2
Before 0.1.1.4
Screen Creator Advance 2
Version 0.1.1.4
Screen Creator Advance 2
Version 0.1.1.4 build01
Screen Creator Advance 2
Version 0.1.1.4 build01b
Screen Creator Advance 2
Version 0.1.1.4 build02

Related CWEs

CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References (4)

Source: zdi-disclosures@trendmicro.com
Vendor Advisory
Source: zdi-disclosures@trendmicro.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry

Timeline

No history available yet.