CVE-2019-12810 - OpenCVE

A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Estsoft	Alsee

Configuration 1 [-]

AND

cpe:2.3:a:estsoft:alsee:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35131	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: krcert

Published: 2019-08-30T16:33:08

Updated: 2019-08-30T16:33:08

Reserved: 2019-06-13T00:00:00

Link: CVE-2019-12810

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-30T17:15:11.563

Modified: 2019-10-09T23:46:13.747

Link: CVE-2019-12810

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "ALSee", "vendor": "ESTSOFT", "versions": [{"status": "affected", "version": "5.3 ~ 8.39"}]}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-30T16:33:08", "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "shortName": "krcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35131"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vuln@krcert.or.kr", "ID": "CVE-2019-12810", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ALSee", "version": {"version_data": [{"version_value": "5.3 ~ 8.39"}]}}]}, "vendor_name": "ESTSOFT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35131", "refsource": "CONFIRM", "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35131"}]}}}}, "cveMetadata": {"assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863", "assignerShortName": "krcert", "cveId": "CVE-2019-12810", "datePublished": "2019-08-30T16:33:08", "dateReserved": "2019-06-13T00:00:00", "dateUpdated": "2019-08-30T16:33:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:estsoft:alsee:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F68A16D-D0E3-4B46-8823-C187C87DD4E1", "versionEndIncluding": "8.39", "versionStartIncluding": "5.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code."}, {"lang": "es", "value": "Existe una vulnerabilidad de corrupci\u00f3n de memoria en la funcionalidad de an\u00e1lisis .PSD de ALSee v5.3 ~ v8.39. Un archivo .PSD especialmente dise\u00f1ado puede causar una vulnerabilidad de escritura fuera de los l\u00edmites que resulta en la ejecuci\u00f3n del c\u00f3digo. Al persuadir a una v\u00edctima para que abra un archivo .PSD especialmente dise\u00f1ado, un atacante podr\u00eda ejecutar c\u00f3digo arbitrario."}], "id": "CVE-2019-12810", "lastModified": "2019-10-09T23:46:13.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-30T17:15:11.563", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory"], "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35131"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}