Lucene search

Kaspersky LabKLA10157

HistoryDec 24, 2011 - 12:00 a.m.

KLA10157 ACE vulnerability in Final Draft

2011-12-2400:00:00

Kaspersky Lab

threats.kaspersky.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

Low

0.249 Low

EPSS

Percentile

96.7%

JSON

A buffer overflow was found in Final Draft. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely a via specially designed file.

Original advisories

Exploitation

Public exploits exist for this vulnerability.

Related products

Final-Draft

CVE list

CVE-2011-5059 critical

CVE-2011-5002 critical

Solution

Update to latest version

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Final Draft 8 versions 8.0.1 and earlier

References

statistics.securelist.com/

threats.kaspersky.com/en/product/Final-Draft/

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

Low

0.249 Low

EPSS

Percentile

96.7%

JSON

Related for KLA10157