Lucene search
Mat Powell of Trend Micro Zero Day InitiativeZDI-22-1275HistorySep 19, 2022 - 12:00 a.m.
Adobe InCopy SVG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
2022-09-1900:00:00
Mat Powell of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
10
adobe incopy
svg file
parsing
vulnerability
remote code execution
crafted data
buffer overflow
code execution
remote attack
0.006 Low
EPSS
Percentile
77.9%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InCopy. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG files. Crafted data in an SVG file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cvelist
cvelist
cve
cve
CVE-2022-38402
2022-09-16 18:15:15
prion
prion
Heap overflow
2022-09-16 18:15:00
cnvd
cnvd
Adobe InCopy Buffer Overflow Vulnerability (CNVD-2022-64970)
2022-09-19 00:00:00
nvd
nvd
CVE-2022-38402
2022-09-16 18:15:15
nessus
nessus
Adobe InCopy < 16.4.3 / 17.0 < 17.4 Multiple Vulnerabilities (APSB22-53)
2022-09-13 00:00:00
adobe
adobe
APSB22-53 : Security updates available for Adobe InCopy
2022-09-13 00:00:00