漏洞标题
Substance3D - Stager存在写任意处漏洞(CWE-123)
漏洞描述信息
Substance3D - Stager版本3.0.3及之前版本存在一处写入任意位置(Write-what-where Condition)漏洞,该漏洞可能导致攻击者在当前用户上下文中执行任意代码。此漏洞允许攻击者将一个可控的值写入任意内存位置,从而可能导致代码执行。利用该漏洞需要用户交互,即受害者必须打开一个恶意文件。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
跨界内存写
漏洞标题
Substance3D - Stager | Write-what-where Condition (CWE-123)
漏洞描述信息
Substance3D - Stager versions 3.0.3 and earlier are affected by a Write-what-where Condition vulnerability that could allow an attacker to execute arbitrary code in the context of the current user. This vulnerability allows an attacker to write a controlled value to an arbitrary memory location, potentially leading to code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
任意地址可写任意内容条件
漏洞标题
Adobe Substance 3D Stager 安全漏洞
漏洞描述信息
Adobe Substance 3D Stager是美国奥多比(Adobe)公司的一个虚拟3D工作室。 Adobe Substance 3D Stager存在安全漏洞。攻击者利用该漏洞可以在当前用户环境中执行任意代码。
CVSS信息
N/A
漏洞类别
其他