{"cve": [{"lastseen": "2018-10-10T11:05:23", "bulletinFamily": "NVD", "description": "Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file.", "modified": "2018-10-09T15:54:00", "published": "2015-04-03T06:59:03", "id": "CVE-2014-8390", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8390", "title": "CVE-2014-8390", "type": "cve", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ics": [{"lastseen": "2018-08-31T01:37:33", "bulletinFamily": "info", "description": "## OVERVIEW\n\nSchneider Electric has notified NCCIS/ICS-CERT of a buffer overflow vulnerability in the Schneider Electric VAMPSET software product. Ricardo Narvaja and Joaqu\u00edn Rodr\u00edguez of Core Security reported this vulnerability directly to Schneider Electric. Schneider Electric has published a security notification,a which tells how to mitigate this vulnerability.\n\n## AFFECTED PRODUCTS\n\nSchneider Electric reports that the vulnerability affects the following versions of VAMPSET:\n\n * VAMPSET software, V2.2.145 and all previous versions.\n\n## IMPACT\n\nAn attacker who exploits this vulnerability may be able to execute arbitrary code.\n\nImpact to individual organizations depends on many factors that are unique to each organization. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment, architecture, and product implementation.\n\n## BACKGROUND\n\nSchneider Electric\u2019s corporate headquarters is located in Paris, France, and it maintains offices in more than 100 countries worldwide.\n\nThe affected product, VAMPSET software, is used to configure and maintain multiple protection relays and arc monitoring units. According to Schneider Electric, this product is deployed in the Energy sector. 
Schneider Electric estimates that this product is used on all continents and in 60 countries world-wide.\n\n## VULNERABILITY CHARACTERIZATION\n\n### VULNERABILITY OVERVIEW\n\n### STACK-BASED BUFFER OVERFLOWb\n\nVAMPSET is vulnerable to a Stack-based and Heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code by providing a malicious CFG or DAT file with specific parameters. These malformed or corrupted disturbance recording files cause VAMPSET to crash when opened in a stand-alone state, without connection to a protection relay. This vulnerability has no effect on the Windows Operating System.\n\nCVE-2014-8390c has been assigned to this vulnerability. Schneider Electric has assigned a CVSS v2 base score of 6.6; the CVSS vector string is (AV:L/AC:M/Au:N/C:P/I:C/A:C).d\n\n### VULNERABILITY DETAILS\n\n#### EXPLOITABILITY\n\nThis vulnerability is not exploitable remotely and cannot be exploited without user interaction. The exploit is only triggered when a local user runs the vulnerable application and loads the malformed disturbance recording file.\n\n#### EXISTENCE OF EXPLOIT\n\nNo known public exploits specifically target this vulnerability.\n\n#### DIFFICULTY\n\nCrafting a working exploit for this vulnerability would be difficult. Social engineering is required to convince the user to accept the malformed disturbance recording file. Additional user interaction is needed to load the malformed file, which decreases the likelihood of a successful exploit.\n\n## MITIGATION\n\nTo protect the computer and configuration files from unauthorized escalation of privileges through manipulation, Schneider Electric recommends users employ best IT practices to secure their computers and relay configuration files. Use of User Access Control (UAC) can further improve the security of the computer. 
To minimize the risk of attack, users who are not directly using this software on a regular basis are strongly encouraged to delete this application from their computer to reduce the likelihood of attack and to store relay configuration files in a protected location.\n\nSchneider Electric has updated the VAMPSET tool in order to recognize malformed disturbance recorder files. It now checks the length of the text string in the Comtrade file in order to recognize them as being acceptable. This means that the station name and device identification must be the proper length. If these conditions are not met, the software will block opening the file, remain operational, and report to the user that the file is not complete or contains wrong data.\n\nFor more information about this issue, see Schneider Electric security notification SEVD-2015-084-01 at the following location on their website:\n\n<http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page>\n\nICS-CERT recommends that users take the following measures to protect themselves from social engineering attacks:\n\n * Do not click web links or open unsolicited attachments in email messages\n * Refer to Recognizing and Avoiding Email Scamse for more information\n * Refer to Avoiding Social Engineering and Phishing Attacksf for more information.\n\nICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\n\nICS-CERT also provides a section for control systems security recommended practices on the ICS-CERT web page at: <http://ics-cert.us-cert.gov/content/recommended-practices>. 
Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.](<http://ics-cert.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>)\n\nAdditional mitigation guidance and recommended practices are publicly available in the ICS\u2011CERT Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<http://ics-cert.us-cert.gov/tips/ICS-TIP-12-146-01B>), which is available for download from the ICS-CERT web site (<http://ics-cert.us-cert.gov/>).\n\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.\n\n * a. SEVD-2015-084-01, [http://www2.schneider-electric.com/sites/corporate/en/support/cybersecur...](<http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page>), web site last accessed April 02, 2015.\n * b. CWE-121: Stack-based Buffer Overflow, <http://cwe.mitre.org/data/definitions/121.html>, web site last accessed April 02, 2015.\n * c. NVD, <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8390>, NIST uses this advisory to create the CVE web site report. This web site will be active sometime after publication of this advisory.\n * d. CVSS Calculator, [http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:L/AC:M/Au:N/C:P/I:C/A:C](<http://nvd.nist.gov/cvss.cfm?version=2&vector=AV:L/AC:M/Au:N/C:P/I:C/A:C>), web site last accessed April 02, 2015.\n * e. Recognizing and Avoiding Email Scams, <http://www.us-cert.gov/reading_room/emailscams_0905.pdf>, web site last accessed April 02, 2015.\n * f. 
National Cyber Alert System Cyber Security Tip ST04-014, <http://www.us-cert.gov/cas/tips/ST04-014.html>, web site last accessed April 02, 2015.\n", "modified": "2018-08-27T00:00:00", "published": "2015-04-02T00:00:00", "id": "ICSA-15-092-01", "href": "https://ics-cert.us-cert.gov//advisories/ICSA-15-092-01", "title": "Schneider Electric VAMPSET Software Buffer Overflow Vulnerability", "type": "ics", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:58", "bulletinFamily": "software", "description": "\r\n\r\n1. Advisory Information\r\n\r\n\r\nTitle: Schneider Vampset Stack and Heap Buffer Overflow\r\nAdvisory ID: CORE-2015-0007\r\nAdvisory URL: http://www.coresecurity.com/advisories/schneider-vampset-stack-and-heap-buffer-overflow\r\nDate published: 2015-03-30\r\nDate of last update: 2015-03-27\r\nVendors contacted: Schneider\r\nRelease mode: Coordinated release\r\n\r\n\r\n2. Vulnerability Information\r\n\r\n\r\nClass: Heap-based Buffer Overflow [CWE-122], Stack-based Buffer Overflow [CWE-121]\r\nImpact: Code execution\r\nRemotely Exploitable: No\r\nLocally Exploitable: Yes\r\nCVE Name: CVE-2014-8390, CVE-2014-8390\r\n\r\n \r\n\r\n3. Vulnerability Description\r\n\r\n\r\nUser-friendly and free of charge VAMPSET software [1] has been designed for setting parameters and configuring relays and is suitable for the entire VAMP range of protection relays, VAMP 321 arc flash protection unit and measuring and monitoring units. This indispensable setting and configuration tool allows relay parameters, configurations and recorded data to be exchanged between a computer and a VAMP relay using various communication cables.\r\n\r\nVAMPSET handles the relay settings as documents, vef-files. Settings of one physical device are considered one document. Documents can be read from the relay and transferred between similar relays. 
Documents can also be saved to the computer hard drive, and later loaded back to the relay using VAMPSET.\r\n\r\nVAMPSET is vulnerable to a Stack-based and Heap-based buffer overflow attack, which can be exploited by attackers to execute arbitrary code, by providing a malicious CFG or DAT file with specific parameters.\r\n\r\n\r\n4. Vulnerable packages\r\n\r\n\r\nVAMPSET v2.2.145\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n\r\n5. Vendor Information, Solutions and Workarounds\r\n\r\n\r\nGiven that this is a client-side vulnerability, affected users should avoid opening untrusted .cfg or .dat files. Core Security also recommends those affected use third party software such as Sentinel [3] or EMET [2] that could help to prevent the exploitation of affected systems to some extent.\r\n\r\nThe vendor published the following advisory [5] that includes mitigation instructions and a reference to the updated software.\r\n\r\n\r\n6. Credits\r\n\r\n\r\nThis vulnerability was discovered and researched by Ricardo Narvaja from Core Security Exploit Writing Team. The publication of this advisory was coordinated by Joaquin Rodriguez Varela from Core Security Advisories Team.\r\n\r\n \r\n\r\n7. Technical Description / Proof of Concept Code\r\n\r\n\r\n[CVE-2014-8390] This vulnerability is caused by a controlled heap buffer overflow when opening specially crafted Comtrade [4] format files.\r\n\r\nThe problem lies in the following facts. First the software allocs a fixed size in here:\r\n\r\n \r\n.text:00494125 push 1A68h ; size_t\r\n.text:0049412A call sub_4CC928\r\nThen it goes to a malloc with 1A68h size:\r\n\r\n \r\n.text:004CC92E loc_4CC92E: ; size_t\r\n.text:004CC92E push edi\r\n.text:004CC92F call _mallloc\r\nAnd finally here:\r\n\r\n \r\n004B3483 |> \83C6 0F ADD ESI,0F\r\n004B3486 |. 83E6 F0 AND ESI,FFFFFFF0\r\n004B3489 |. 56 PUSH ESI ; /HeapSize = 1A70 (6768.)\r\n004B348A |. 6A 00 PUSH 0 ; |Flags = 0\r\n004B348C |. 
FF35 2C605700 PUSH DWORD PTR DS:[57602C] ; |hHeap = 003C0000\r\n004B3492 |. FF15 70224F00 CALL DWORD PTR DS:[<&KERNEL32.HeapAlloc>>; \HeapAlloc\r\nAfter applying the AND 0f and FFFFFFF0 the size is 0x1a70:\r\n\r\n \r\n0012EF50 003C0000 |hHeap = 003C0000\r\n0012EF54 00000000 |Flags = 0\r\n0012EF58 00001A70 \HeapSize = 1A70 (6768.)\r\n \r\nThen it writes in this section without checking the size of what is written. In the POC it ends up crashing after overflowing the heap section:\r\n\r\n \r\n00497C03 |. F3:A5 |REP MOVS DWORD PTR ES:[EDI],DWORD PTR D>\r\n00497C05 |. 8BC8 |MOV ECX,EAX\r\n00497C07 |. 83E1 03 |AND ECX,3\r\n00497C0A |. F3:A4 |REP MOVS BYTE PTR ES:[EDI],BYTE PTR DS:>\r\n\r\n00D65F60 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65F70 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65F80 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65F90 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65FA0 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65FB0 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65FC0 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65FD0 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65FE0 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n00D65FF0 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 43 CCCCCCCCCCCCCCCC\r\n\r\n\r\nEAX 00003BC6\r\nECX 0000082D\r\nEDX 00003BC5\r\nEBX 00D64468\r\nESP 0012ED30\r\nEBP 00EF8290 ASCII "ASCII CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\r\nESI 00EF9DA0 ASCII 
"CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\r\nEDI 00D66000\r\nEIP 00497C03 Vampset.00497C03\r\n \r\nNevertheless, is a controllable heap overflow, therefore if a less amount of characters is used it can provoke code execution.\r\n\r\n[CVE-2014-8390] This vulnerability is caused by a controlled stack buffer overflow when opening specially crafted Comtrade [4] format files.\r\n\r\nWhen VAMPSET opens the malformed files the following occurs. It sends a message to LB_GETTEXT with the length of the string:\r\n\r\n \r\n0013F6FC 0048E070 /CALL to SendMessageW from Vampset.0048E06E\r\n0013F700 00840B22 |hWnd = 840B22\r\n0013F704 00000189 |Message = LB_GETTEXT\r\n0013F708 00000000 |Index = 0\r\n0013F70C 0013F760 \Buffer = 0013F760\r\n \r\nThe length of that string is bigger than the destination buffer and therefore overwrites the return address that is located after the buffer:\r\n\r\n \r\n$ ==> >49 00 4C 00 31 00 4D 00 35 00 4D 00 35 00 4D 00 I.L.1.M.5.M.5.M.\r\n$+10 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+20 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+30 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+40 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+50 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+60 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+70 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+80 >35 00 4D 00 35 00 4D 00 35 00 4D 00 35 00 4D 00 5.M.5.M.5.M.5.M.\r\n$+90 >35 00 4D 00 35 00 4D 00 35 00 4D 00 CC CC CC CC 5.M.5.M.5.M.IIII\r\n$+A0 >CC CC CC CC CC CC 38 00 35 00 38 00 31 00 61 00 IIIIII8.5.8.1.a.\r\n$+B0 >61 00 61 00 61 00 61 00 61 00 61 00 61 00 61 00 a.a.a.a.a.a.a.a.\r\n$+C0 >61 00 61 00 61 00 
61 00 61 00 61 00 61 00 61 00 a.a.a.a.a.a.a.a.\r\n$+D0 >61 00 00 00 a...\r\n\r\n0048E0BE > \5F POP EDI\r\n0048E0BF . 5E POP ESI\r\n0048E0C0 . 5D POP EBP\r\n0048E0C1 . 5B POP EBX\r\n0048E0C2 . 81C4 C0000000 ADD ESP,0C0\r\n0048E0C8 . C3 RETN\r\n \r\nFrom there it jumps to execution, in this case is deviated to 0x4d0035:\r\n\r\n \r\n0013F7E0 004D0035 Vampset.004D0035\r\n0013F7E4 004D0035 Vampset.004D0035\r\n0013F7E8 004D0035 Vampset.004D0035\r\n0013F7EC 004D0035 Vampset.004D0035\r\n0013F7F0 004D0035 Vampset.004D0035\r\n0013F7F4 004D0035 Vampset.004D0035\r\n0013F7F8 004D0035 Vampset.004D0035\r\n\r\n004D0035 |. FFD5 CALL EBP ; \ClientToScreen\r\n\r\n \r\nAfter this it executes our code in the stack:\r\n\r\n \r\n0013F7EC 35 004D0035 XOR EAX,35004D00\r\n0013F7F1 004D 00 ADD BYTE PTR SS:[EBP],CL\r\n0013F7F4 35 004D0035 XOR EAX,35004D00\r\n0013F7F9 004D 00 ADD BYTE PTR SS:[EBP],CL\r\n0013F7FC CC INT3\r\n0013F7FD CC INT3\r\n0013F7FE CC INT3\r\n0013F7FF CC INT3\r\n0013F800 CC INT3\r\n0013F801 CC INT3\r\n0013F802 CC INT3\r\n0013F803 CC INT3\r\n0013F804 CC INT3\r\n0013F805 CC INT3\r\n0013F806 3800 CMP BYTE PTR DS:[EAX],AL\r\n0013F808 35 00380031 XOR EAX,31003800\r\n0013F80D 0061 00 ADD BYTE PTR DS:[ECX],AH\r\n0013F810 61 POPAD\r\n \r\n \r\n\r\n8. Report Timeline\r\n\r\n\r\n2015-01-29: Core Security sent an initial notification to CCC@us.schneider-electric.com informing them of the vulnerability and requesting their PGP key in order to send them the encrypted advisory draft.\r\n2015-02-05: Core Security sent another email to CIC-Technical@us.schneider-electric.com and LeeAnn.Luck@Schneider-Electric.com informing them of the vulnerability and requesting their PGP key in order to send them the encrypted advisory draft.\r\n2015-02-16: Schneider replied to our email attaching their public PGP key, and asking if we were coordinating with ICS-CERT and the versions of their product we tested.\r\n2015-02-20: Core Security sent a draft copy of the Advisory. 
Considering that both vulnerabilities are client side and affect a software and not a device we don't think it would be necessary to contact ICS-CERT. We inform them that we are planning to release this advisory on the 20th of March, 2015.\r\n2015-02-23: Schneider confirms the reception of Core Security draft advisory. They inform they are evaluating the report.\r\n2015-02-27: Schneider informs they are evaluating the heap buffer overflow vulnerability and they request the Proof Of Concept files (Comtrade) we used to trigger the crash and the exploit as well. They request we coordinate a release date depending on their patch plan.\r\n2015-03-02: Core Security sends Schneider both PoC files and explains that it is our policy never to release exploit code, just the files/code that triggers the vulnerability and causes the application to crash. We also expressed our willingness to work together.\r\n2015-03-03: Schneider confirms reception of our email and attached files.\r\n2015-03-20: Schneider informed us that they have addressed the vulnerability and they requested that we review their security disclosure.\r\n2015-03-25: Core Security informed Schneider that they should review the "Vulnerability Overview" section of their disclosure in order to clarify that the vulnerability could not only cause a crash in the application. We requested the time and date they are planning to publish the advisory and the update as well as the link to their publication. We informed them the URL where our advisory is going to be published and the CVE ID we are planning to use.\r\n2015-03-25: Schneider informed us that they made the recommended modifications to their disclosure document and they sent us the new version. They also said they will publish it on their website.\r\n2015-03-26: Core Security asked Schneider if they could inform us the exact date they are planning to publish their disclosure document. 
Additionally we recommended them to delay the release until Monday in order to give the affected users enough time to patch their software before the weekend.\r\n2015-03-26: Schneider informed us that they published the advisory. They claim that because of its location, the document is not easy to find until they publicize it through a news item. They informed us that they will try to post the news item on Monday but they give no guarantees. They inform as well that they have contacted ICS-CERT so they are aware.\r\n2015-03-27: Core Security replied to Schneider that by publishing the advisory they missed the whole point of a coordinated release, even if their advisory is not easy to find online. We informed them that we are going to publish our advisory on Monday 30th at 9 am EST in order to give the affected users enough time to patch their software before the weekend.\r\n2015-03-30: Advisory CORE-2015-0007 published.\r\n\r\n\r\n9. References\r\n\r\n\r\n[1] http://www.schneider-electric.com/products/ww/en/2300-ied-user-software/2320-vamp-user-software/62050-vamp-software/.\r\n[2] http://support.microsoft.com/kb/2458544.\r\n[3] https://github.com/CoreSecurity/sentinel.\r\n[4] http://en.wikipedia.org/wiki/Comtrade.\r\n[5] http://download.schneider-electric.com/files?p_Reference=SEVD-2015-084-01&p_EnDocType=Brochure&p_File_Id=766875737&p_File_Name=SEVD-2015-084-01+VAMPSET+Software.pdf.\r\n\r\n\r\n10. About CoreLabs\r\n\r\n\r\nCoreLabs, the research center of Core Security, is charged with anticipating the future needs and requirements for information security technologies. We conduct our research in several important areas of computer security including system vulnerabilities, cyber attack planning and simulation, source code auditing, and cryptography. Our results include problem formalization, identification of vulnerabilities, novel solutions and prototypes for new technologies. 
CoreLabs regularly publishes security advisories, technical papers, project information and shared software tools for public use at: http://corelabs.coresecurity.com.\r\n\r\n\r\n11. About Core Security\r\n\r\n\r\nCore Security enables organizations to get ahead of threats with security test and measurement solutions that continuously identify and demonstrate real-world exposures to their most critical assets. Our customers can gain real visibility into their security standing, real validation of their security controls, and real metrics to more effectively secure their organizations.\r\n\r\nCore Security's software solutions build on over a decade of trusted research and leading-edge threat expertise from the company's Security Consulting Services, CoreLabs and Engineering groups. Core Security can be reached at +1 (617) 399-6980 or on the Web at: http://www.coresecurity.com.\r\n\r\n\r\n12. Disclaimer\r\n\r\n\r\nThe contents of this advisory are copyright (c) 2015 Core Security and (c) 2015 CoreLabs, and are licensed under a Creative Commons Attribution Non-Commercial Share-Alike 3.0 (United States) License: http://creativecommons.org/licenses/by-nc-sa/3.0/us/\r\n\r\n\r\n13. PGP/GPG Keys\r\n\r\n\r\nThis advisory has been signed with the GPG key of Core Security advisories team, which is available for download at http://www.coresecurity.com/files/attachments/core_security_advisories.asc.\r\n\r\n\r\n", "modified": "2015-04-13T00:00:00", "published": "2015-04-13T00:00:00", "id": "SECURITYVULNS:DOC:31905", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31905", "title": "[CORE-2015-0007] - Schneider Vampset Stack and Heap Buffer Overflow", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}