Lucene search
Steven Seeley of Source InciteZDI-16-336HistoryMay 11, 2016 - 12:00 a.m.
Panasonic FPWIN Pro SelectFCS Array Indexing Out-Of-Bounds Write Remote Code Execution Vulnerability
2016-05-1100:00:00
Steven Seeley of Source Incite
www.zerodayinitiative.com
9
0.001 Low
EPSS
Percentile
20.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the SelectFCS method due to improper index calculation for array access. An attacker can leverage this vulnerability to attain code execution under the context of the current process.
Related
zdi
zdi
cvelist
cvelist
CVE-2016-4496
2016-05-12 01:00:00
nvd
nvd
CVE-2016-4496
2016-05-12 01:59:11
cve
cve
CVE-2016-4496
2016-05-12 01:59:11
prion
prion
Integer overflow
2016-05-12 01:59:00
nessus
nessus
Panasonic FPWIN Pro 5.x < 7.130 Multiple Vulnerabilities
2016-06-15 00:00:00
openvas
openvas
Panasonic FPWIN Pro Multiple Vulnerabilities
2016-09-01 00:00:00
ics
ics
Panasonic FPWIN Pro Vulnerabilities
2018-08-23 12:00:00