Lucene search
Francis Provencher {PRL}ZDI-21-243HistoryFeb 24, 2021 - 12:00 a.m.
Siemens JT2Go DWG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2021-02-2400:00:00
Francis Provencher {PRL}
www.zerodayinitiative.com
17
siemens
jt2go
dwg
out-of-bounds read
information disclosure
remote attackers
sensitive information
user interaction
malicious file
parsing
validation
allocated buffer
arbitrary code
process
EPSS
0.003
Percentile
68.8%
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Related
zdi
zdi
cvelist
cvelist
CVE-2021-25178
2021-01-18 07:12:43
prion
prion
Stack overflow
2021-01-18 08:15:00
nvd
nvd
CVE-2021-25178
2021-01-18 08:15:13
cve
cve
CVE-2021-25178
2021-01-18 08:15:13
ics
ics
Open Design Alliance Drawings SDK (Update A)
2021-05-06 12:00:00
Siemens COMOS
2022-03-10 12:00:00
Siemens JT2Go and Teamcenter Visualization (Update A)
2021-05-27 12:00:00
nessus
nessus
Siemens JT2Go < 13.1.0.1 Multiple Vulnerabilities (SSA-663999)
2021-05-07 00:00:00