← voltar
CVE-2020-9725

FrameMaker File Parsing Stack-based Buffer Overflow

CVSS 7.8 HIGHEPSS 3.7%CWE-121
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.8EPSS 3.7%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
10 set 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. This could be exploited to execute arbitrary code with the privileges of the current user. User interaction is required to exploit this vulnerability in that the target must open a malicious FrameMaker file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
Adobe · FrameMaker

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://helpx.adobe.com/security/products/framemaker/apsb20-54.html