|CVSS SCORE||4.3, (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
The specific flaw exists within the processing of FNC files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to disclose sensitive information under the context of an administrator.
05/22/18 - ZDI reported the vulnerability to ICS-CERT
|CREDIT||Michael Flanders of the Zero Day Initiative