HTTP: Mitsubishi Electric E-Designer SetupAlarm Font Stack Buffer Overflow

A stack-based buffer overflow vulnerability exists in Mitsubishi's Electric E-Designer. A remote attacker can exploit this vulnerability by enticing a user to visit a maliciously crafted website. This can lead to arbitrary code execution in the context of the affected user.

Extended Description

Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.

Affected Products

Mitsubishielectric e-designer

References

CVE: CVE-2017-9638

Short Name
HTTP:MITSUBISHI-ELECTRIC-SBO
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2017-9638 E-Designer Electric Font Mitsubishi Overflow SetupAlarm Stack
Release Date
08/30/2017
Supported Platforms

srx-branch-19.3

vsrx3bsd-19.2

srx-19.4

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

vsrx-19.2

srx-19.3

srx-branch-12.3

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx-12.3

vmx-19.3

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Mitsubishielectric

CVSS Score

10.0

Found a potential security threat?