|CVSS SCORE||9.3, (AV:N/AC:M/Au:N/C:C/I:C/A:C)|
The specific flaw exists within the handling of user-supplied comments in FNC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute arbitrary code under the context of administrator.
05/16/18 - ZDI reported the vulnerability to ICS-CERT