|CVSS SCORE||4.3, (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 20033. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within BeginPreRead processing. When handling malformed 0x7f77 type fields, it is possible for an attacker to force an out-of-bounds read. An attacker can leverage this vulnerability to disclose arbitrary memory.
06/25/2015 - ZDI disclosed 4 cases to ICS-CERT
Given the stated purpose of Proface GP-Pro, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.
-- Vendor Response Link:
|CREDIT||Steven Seeley of Source Incite