|CVSS SCORE||4.3, (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
The specific flaw exists within the processing of A5P files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of an administrator.
05/24/18 - ZDI reported the vulnerability to ICS-CERT
|CREDIT||Michael Flanders of the Zero Day Initiative