CVE-2018-18989

2018-12-04T22:29:00
ID CVE-2018-18989
Type cve
Reporter cve@mitre.org
Modified 2019-10-09T23:37:00

Description

In CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior), when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.