Lucene search
RgodZDI-22-1441HistoryOct 21, 2022 - 12:00 a.m.
Siemens Solid Edge Viewer DWG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
2022-10-2100:00:00
rgod
www.zerodayinitiative.com
25
siemens solid edge viewer
dwg file parsing
buffer overflow
remote code execution
user interaction
malicious page
heap-based buffer
validation
user-supplied data
current process
EPSS
0.001
Percentile
31.6%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
Related
cvelist
cvelist
CVE-2022-37864
2022-10-11 00:00:00
ics
ics
Siemens Solid Edge
2023-01-31 12:00:00
prion
prion
Heap overflow
2022-10-11 11:15:00
cnvd
cnvd
Siemens Solid Edge Heap Buffer Overflow Vulnerability (CNVD-2022-89764)
2022-10-13 00:00:00
cve
cve
CVE-2022-37864
2022-10-11 11:15:10
nvd
nvd
CVE-2022-37864
2022-10-11 11:15:10