Lucene search
Michael DePlante, Anthony Fuller and Todd Manning of Trend Micro Zero Day Initiative/Trend Micro ResearchZDI-19-791HistorySep 05, 2019 - 12:00 a.m.
Red Lion Crimson CD3 File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability
2019-09-0500:00:00
Michael DePlante, Anthony Fuller and Todd Manning of Trend Micro Zero Day Initiative/Trend Micro Research
www.zerodayinitiative.com
15
0.009 Low
EPSS
Percentile
83.1%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CD3 files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
zdi
zdi
prion
prion
Input validation
2019-09-23 16:15:00
cvelist
cvelist
CVE-2019-10984
2019-09-23 15:58:41
nvd
nvd
CVE-2019-10984
2019-09-23 16:15:14
cve
cve
CVE-2019-10984
2019-09-23 16:15:14
checkpoint_advisories
checkpoint_advisories
Red Lion Crimson Type Confusion (CVE-2019-10996; CVE-2019-10984)
2020-02-25 00:00:00
ics
ics
Red Lion Controls Crimson
2019-09-16 12:00:00