vendor:
Zahir Enterprise Plus
by:
f3ci, modpr0be
7.8
CVSS
HIGH
Stack Buffer Overflow
Buffer Overflows
CWE
Product Name: Zahir Enterprise Plus
Affected Version From: 6
Affected Version To: 6 build 10b
Patch Exists: NO
Related CWE: CVE-2018-17408
CPE: a:zahir:enterprise_plus:6
Platforms Tested: Windows
2018
Zahir Enterprise Plus 6 Stack Buffer Overflow
This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler record.
Mitigation:
Apply the vendor-supplied patch or upgrade to a newer version.