|CVSS SCORE||6.8, (AV:N/AC:M/Au:N/C:P/I:P/A:P)|
|TREND MICRO CUSTOMER PROTECTION||Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['20070']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within the handling of D-Script data by ParseAPI.dll. When processing a malformed file, it is possible to write D-Script data beyond the bounds of a heap buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
06/25/2015 - ZDI disclosed 4 cases to ICS-CERT
Given the stated purpose of Proface GP-Pro, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application to trusted files.
-- Vendor Response Link:
|CREDIT||Steven Seeley of Source Incite