CVE-2019-5088 - Out-of-bounds Write vulnerability in Investintech Able2Extract 14.0.7

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, investintech, CWE-787

Summary

An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. An attacker can trigger this vulnerability by sending the user a specially crafted BMP file.

Vulnerable Configurations

Part | Description | Count
Application | Investintech | 1

Common Weakness Enumeration (CWE)

Talos

id: TALOS-2019-0880
last seen: 2019-11-09
published: 2019-11-04
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0880
title: Investintech Able2Extract Professional BMP decoding biClrUsed code execution vulnerability