CVE-2020-13579
CVE-2020-13579
In short
A flaw in SoftMaker Office's PlanMaker lets attackers create a specially crafted document that causes the application to miscalculate memory size, leading to a buffer overflow. Opening the malicious document can allow an attacker to run code on the victim's computer.
Technical detail
An integer overflow in PlanMaker's document parser causes undersized heap allocation, followed by heap-based buffer overflow during data copying. The vulnerability requires user interaction (opening a crafted document) but can result in arbitrary code execution within the application context due to memory corruption.
Summary generated and translated by AI from the official description.
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · Softmaker SoftwareWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →