CVE-2023-35715 Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability

🗓️ 03 May 2024 01:57:37Reported by zdiType

Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2023-35715	3 May 202402:15	–	attackerkb
CNNVD	Ashlar Vellum Cobalt 安全漏洞	3 May 202400:00	–	cnnvd
CVE	CVE-2023-35715	3 May 202401:57	–	cve
EUVD	EUVD-2023-39714	3 Oct 202520:07	–	euvd
NVD	CVE-2023-35715	3 May 202402:15	–	nvd
Positive Technologies	PT-2023-25289 · Ashlar Vellum · Ashlar-Vellum Cobalt	15 Jun 202300:00	–	ptsecurity
Vulnrichment	CVE-2023-35715 Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability	3 May 202401:57	–	vulnrichment
Zero Day Initiative	(0Day) Ashlar-Vellum Cobalt AR File Parsing Uninitialized Memory Remote Code Execution Vulnerability	15 Jun 202300:00	–	zdi

[
  {
    "vendor": "Ashlar-Vellum",
    "product": "Cobalt",
    "versions": [
      {
        "version": "Ashlar-Vellum Cobalt 12 beta build 1204.60",
        "status": "affected"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-23-878/

18 Sep 2024 18:28Current

8.2High risk

Vulners AI Score8.2

CVSS 37.8

EPSS0.0041

CWE-824