PC SOFT WinDEV Stack-based Buffer Overflow Vulnerability

vendor:

WinDEV

by:

Unknown

7.5

CVSS

HIGH

Stack-based Buffer Overflow

119

CWE

Product Name: WinDEV

Affected Version From: PC SOFT WinDEV 11

Affected Version To: Unknown (other versions and related products may also be affected)

Patch Exists: NO

Related CWE: Unknown

CPE: a:pc_soft:windev

Metasploit:

Other Scripts:

Platforms Tested: Unknown

Unknown

PC SOFT WinDEV Stack-based Buffer Overflow Vulnerability

PC SOFT WinDEV is prone to a stack-based buffer-overflow vulnerability when it attempts to process malformed project files. This issue occurs because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application or to cause denial-of-service conditions. This may facilitate unauthorized access or privilege escalation.

Mitigation:

No specific mitigation or remediation steps provided

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24693/info

PC SOFT WinDEV is prone to a stack-based buffer-overflow vulnerability when it attempts to process malformed project files. This issue occurs because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application or to cause denial-of-service conditions. This may facilitate unauthorized access or privilege escalation.

PC SOFT WinDEV 11 is reported vulnerable; other versions and related products (WinDEV Express, Mobile, and WebDEV) may also be affected. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/30255.zip