High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2024-1112

CVSS Score: 7.3 (High)
Published: Jan 31, 2024
Last Modified: Nov 21, 2024

Vulnerability Description

Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local (L)
Attack Complexity: Low (L)
Privileges Required: Low (L)
User Interaction: Required (R)
Scope: Unchanged (U)
Confidentiality: High (H)
Integrity: High (H)
Availability: High (H)

Known Affected Software

1 configuration(s) from 1 vendor(s)

Product: resource_hacker
Version: 3.6.0.92
CPE: cpe:2.3:a:angusj:resource_hacker:3.6.0.92:*:*:*:*:*:*:*
This vulnerability affects 1 software configuration(s). Ensure you patch all affected systems.

Weakness Type (CWE)

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Top 25 #17)

Description: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to…

Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class
