|CVSS SCORE||4.3, (AV:N/AC:M/Au:N/C:P/I:N/A:N)|
The specific flaw exists within the parsing of images within DAT files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of an administrator.
05/18/18 - ZDI sent the report to ICS-CERT
|CREDIT||Mat Powell - Trend Micro Zero Day Initiative