OMRON CX-One CX-Montion Wcscpy Buffer Overflow

Strike ID:
E18-0osa1
CVSS:
7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
False Positive:
f
Variants:
1
Year:
2018

Description

This strike exploits a stack buffer overflow vulnerability in OMRON CX-One CX-Montion. The vulnerability is due to improper parsing of the parameters in a MCI configuration file. An attacker can entice a target to open a specially crafted MCI configuration file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the application.

CVE

References