For the attack to work, the hacker needs to convince the targeted user to open a malicious file or web page. The problem is that the process fails to properly validate the length of user-supplied data prior to copying it to a fixed-length buffer, allowing an attacker to execute arbitrary code in the context of the administrator. Micalizzi found a total of six stack buffer overflows and five heap buffer overflows affecting various components initialized during the processing of a driver configuration file. The expert identified three types of flaws: stack-based buffer overflows ( CVE-2017-9638), heap-based buffer overflows ( CVE-2017-9636) and out-of-bounds write bugs ( CVE-2017-9634).
Security researcher Andrea Micalizzi, also known as “rgod,” discovered that version 7.52 Build 344 of E-Designer is affected by several vulnerabilities that can be exploited for remote code execution and denial-of-service (DoS) attacks.
ICS-CERT and Trend Micro’s Zero Day Initiative (ZDI) have disclosed the details of several critical vulnerabilities affecting Mitsubishi Electric’s E-Designer, a tool used for programming E1000 human-machine interfaces (HMIs).
0 kommentar(er)
