Lucene search
Michael DePlante & Anthony Fuller of Trend Micro Zero Day InitiativeZDI-19-789HistorySep 05, 2019 - 12:00 a.m.
Red Lion Crimson CD31 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
2019-09-0500:00:00
Michael DePlante & Anthony Fuller of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
15
0.009 Low
EPSS
Percentile
83.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CD31 files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator.
Related
zdi
zdi
prion
prion
Input validation
2019-09-23 16:15:00
cvelist
cvelist
CVE-2019-10984
2019-09-23 15:58:41
cve
cve
CVE-2019-10984
2019-09-23 16:15:14
nvd
nvd
CVE-2019-10984
2019-09-23 16:15:14
checkpoint_advisories
checkpoint_advisories
Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)
2020-02-25 00:00:00
ics
ics
Red Lion Controls Crimson
2019-09-16 12:00:00