Details of VAR-201809-1394

ID

VAR-201809-1394

TITLE

(0Day) Fuji Electric FrenicLoader FNC File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-18-1084

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Frenic Loader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the handling of user-supplied comments in FNC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of administrator.

Trust: 0.7

sources: ZDI: ZDI-18-1084

AFFECTED PRODUCTS

vendor:

fuji electric

model:

frenic loader

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-18-1084

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-18-1084
value:	HIGH
Trust: 0.7

ZDI:	ZDI-18-1084
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7

sources: ZDI: ZDI-18-1084

EXTERNAL IDS

db:	ZDI_CAN	id:	ZDI-CAN-6224	Trust: 0.7
db:	ZDI	id:	ZDI-18-1084	Trust: 0.7

sources: ZDI: ZDI-18-1084

CREDITS

Ghirmay Desta

Trust: 0.7

sources: ZDI: ZDI-18-1084

SOURCES

db:

ZDI

id:

ZDI-18-1084

LAST UPDATE DATE

2022-05-17T01:47:51.926000+00:00

SOURCES UPDATE DATE

db:

ZDI

id:

ZDI-18-1084

date:

2018-09-26T00:00:00

SOURCES RELEASE DATE

db:

ZDI

id:

ZDI-18-1084

date:

2018-09-26T00:00:00