Vulnerabilities > CVE-2020-7837 - Out-of-bounds Write vulnerability in Polarisoffice Polaris ML Report 2.18.723.6228

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

polarisoffice

CWE-787

NVD

Published: 2020-12-16

Updated: 2020-12-18

Summary

An issue was discovered in ML Report Program. There is a stack-based buffer overflow in function sub_41EAF0 at MLReportDeamon.exe. The function will call vsprintf without checking the length of strings in parameters given by attacker. And it finally leads to a stack-based buffer overflow via access to crafted web page. This issue affects: Infraware ML Report 2.19.312.0000.

Vulnerable Configurations

Part	Description	Count
Application	Polarisoffice Polarisoffice Polaris ML Report - Polarisoffice Polaris ML Report 2.18.723.6228	2

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35849