Vulnerability Description
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deltaww | Cncsoft | <= 1.00.83 |
| Deltaww | Screeneditor | 1.00.54 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105032Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/105032Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10598?
CVE-2018-10598 is a vulnerability with a CVSS score of 8.1 (HIGH). CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing pro...
How severe is CVE-2018-10598?
CVE-2018-10598 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10598?
Check the references section above for vendor advisories and patch information. Affected products include: Deltaww Cncsoft, Deltaww Screeneditor.