Lucene search
Mat Powell & Michael DePlante (@izobashi) of Trend Micro Zero Day InitiativeZDI-23-754HistoryMay 31, 2023 - 12:00 a.m.
(0Day) Microsoft 3D Viewer FBX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2023-05-3100:00:00
Mat Powell & Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
23
microsoft 3d viewer
fbx file parsing
buffer overflow
remote code execution
user interaction
validation
heap-based buffer
current process
0.001 Low
EPSS
Percentile
31.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft 3D Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FBX files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cvelist
cvelist
CVE-2023-27911
2023-04-17 00:00:00
cve
cve
CVE-2023-27911
2023-04-17 21:15:07
prion
prion
Heap overflow
2023-04-17 21:15:00
nvd
nvd
CVE-2023-27911
2023-04-17 21:15:07
mscve
mscve
kaspersky
kaspersky
KLA60730 Multiple vulnerabilities in Microsoft Apps
2023-06-13 00:00:00
KLA50318 Multiple vulnerabilities in Microsoft Office
2023-06-13 00:00:00
KLA50317 Multiple vulnerabilities in Microsoft Developer Tools
2023-06-13 00:00:00
nessus
nessus
openvas
openvas
Microsoft Office 2019 Multiple Vulnerabilities (Sep 2023) - Mac OS X
2023-09-14 00:00:00
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Sep 2023)
2023-09-14 00:00:00
mskb
mskb
rapid7blog
rapid7blog
Patch Tuesday - June 2023
2023-06-13 20:49:27