Lucene search
Angelboy (@scwuaptx) from DEVCORE Research TeamZDI-23-554HistoryMay 04, 2023 - 12:00 a.m.
(Pwn2Own) Canon imageCLASS MF743Cdw cmNetBiosParseName Heap-based Buffer Overflow Remote Code Execution Vulnerability
2023-05-0400:00:00
Angelboy (@scwuaptx) from DEVCORE Research Team
www.zerodayinitiative.com
15
pwn2own
canon
imageclass
mf743cdw
netbios
buffer overflow
arbitrary code execution
authentication bypass
validation
heap-based
remote code execution
0.004 Low
EPSS
Percentile
72.6%
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of NetBIOS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the NetBIOS-NS service.
Related
cve
cve
CVE-2023-0854
2023-05-11 13:15:12
prion
prion
Buffer overflow
2023-05-11 13:15:00
nvd
nvd
CVE-2023-0854
2023-05-11 13:15:12
cvelist
cvelist
CVE-2023-0854
2023-05-11 00:00:00