CVE-2018-10598

EUVD-2018-2670
CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
Affected Products (NVD)
VendorProductVersion
deltawwcncsoft
𝑥
≤ 1.00.83
deltawwscreeneditor
1.00.54
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105032
https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01
http://www.securityfocus.com/bid/105032
https://ics-cert.us-cert.gov/advisories/ICSA-18-219-01