
Description

AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a use-after-free vulnerability in project file handling: when processing certain malformed fields, the application frees an object and subsequently dereferences the stale pointer. The dangling-pointer use enables an attacker to influence an indirect call through attacker-controlled memory, resulting in denial of service. In some conditions, remote code execution may be possible.

PUBLISHED Reserved 2025-10-28 | Published 2025-11-12 | Updated 2025-11-13 | Assigner VulnCheck




MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-416 Use After Free

Product status

Default status
unaffected

Any version
affected

Timeline

2011-10-10: ExploitDB-17964 is publicly disclosed.

Credits

Luigi Auriemma finder

References

www.exploit-db.com/exploits/17964 exploit

en.iraifrance.com/automgen product

www.vulncheck.com/...irai-automgen-use-after-free-remote-dos third-party-advisory

cve.org (CVE-2011-10034)

nvd.nist.gov (CVE-2011-10034)
