INVT Electric VT-Designer Remote Code Execution and Heap Based Buffer Overflow Vulnerabilities
BID:106071
CVE-2018-18983 | CVE-2018-18987 |Info
INVT Electric VT-Designer Remote Code Execution and Heap Based Buffer Overflow Vulnerabilities
| Bugtraq ID: | 106071 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2018-18987 CVE-2018-18983 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 05 2018 12:00AM |
| Updated: | Dec 05 2018 12:00AM |
| Credit: | Ariele Caltabiano (kimiya) working with Trend Micro�??s Zero Day Initiative |
| Vulnerable: |
INVT Electric VT-Designer 2.1.7.31 |
| Not Vulnerable: | |
Discussion
INVT Electric VT-Designer Remote Code Execution and Heap Based Buffer Overflow Vulnerabilities
INVT Electric VT-Designer is prone to a remote code-execution vulnerability and a heap-based buffer-overflow vulnerability.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
INVT Electric VT-Designer 2.1.7.31 is vulnerable; other versions may also be affected.
INVT Electric VT-Designer is prone to a remote code-execution vulnerability and a heap-based buffer-overflow vulnerability.
An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
INVT Electric VT-Designer 2.1.7.31 is vulnerable; other versions may also be affected.
Exploit / POC
INVT Electric VT-Designer Remote Code Execution and Heap Based Buffer Overflow Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
INVT Electric VT-Designer Remote Code Execution and Heap Based Buffer Overflow Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
INVT Electric VT-Designer Remote Code Execution and Heap Based Buffer Overflow Vulnerabilities
References:
References:
- INVT Electric Homepage (INVT Electric)
- ICSA-18-333-01: INVT Electric VT-Designer (ICS CERT)