Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2013-3928
Last Modified 12 Mar 2014 08:51:00
Published 11 Mar 2014 03:37:02
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-3928

Summary

Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.

Vulnerable Systems

Application

  • Jpchacha Chasys Draw IES 4.00.01
  • Jpchacha Chasys Draw IES 4.01.01
  • Jpchacha Chasys Draw IES 4.02.01
  • Jpchacha Chasys Draw IES 4.03.02
  • Jpchacha Chasys Draw IES 4.04.01
  • Jpchacha Chasys Draw IES 4.06.02
  • Jpchacha Chasys Draw IES 4.10.01

References

MISC - https://docs.google.com/file/d/0BzyiGAtMizMtSFF4ZWVCMHNVVGs/edit?usp=sharing

XF - chasysdrawies-cve20133928-fltbmp-bo(86035)

BID - 61463

CONFIRM - http://www.jpchacha.com/chasysdraw/help.php?file=history.htm

EXPLOIT-DB - 27609

SECUNIA - 53773

MISC - http://packetstormsecurity.com/files/122810/Chasys-Draw-IES-Buffer-Overflow.html

MISC - http://longinox.blogspot.com/2013/08/explot-stack-based-overflow-bypassing.html


Last Updated: 27 May 2016 11:04:37