Vulnerability Description
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deltaww | Cncsoft | <= 1.00.83 |
| Deltaww | Screeneditor | 1.00.54 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105032Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/105032Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10636?
CVE-2018-10636 is a vulnerability with a CVSS score of 8.8 (HIGH). CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation...
How severe is CVE-2018-10636?
CVE-2018-10636 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10636?
Check the references section above for vendor advisories and patch information. Affected products include: Deltaww Cncsoft, Deltaww Screeneditor.