CVE-2025-50130

Published: Jul 8, 2025Modified: Jul 8, 2025

8.4

Vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: vultures@jpcert.or.jp (Secondary)

Description

A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution.

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References (3)

https://jvn.jp/en/vu/JVNVU94011267/

Source: vultures@jpcert.or.jp

https://monitouch.fujielectric.com/site/download-e/03tellus_inf/Search.php

Source: vultures@jpcert.or.jp

https://monitouch.fujielectric.com/site/download-e/09vsft6_inf/Search.php

Source: vultures@jpcert.or.jp

Timeline

No history available yet.