CVE-2023-6362 | THREATINT

Description

A vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.

PUBLISHED Reserved 2023-11-28 | Published 2024-10-07 | Updated 2024-10-07 | Assigner INCIBE

HIGH: 7.3CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Problem types

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status

unaffected

16.1 SR-1

affected

20.4

affected

Credits

Rafael Pedrero finder

References

www.incibe.es/...tices/aviso/multiple-vulnerabilities-winhex

cve.org (CVE-2023-6362)

nvd.nist.gov (CVE-2023-6362)

Download JSON