
CVE-2020-13586

2021-02-04 06:40:52
CWE-122
talos
www.cve.org
memory corruption
softmaker office planmaker 2021
heap buffer overflow
malicious file

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 46.5%

A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "product": "Softmaker",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014)"
      }
    ]
  }
]
