Vulnerabilities > CVE-2022-3378 - Access of Uninitialized Pointer vulnerability in Hornerautomation Cscape
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 25 |