CVE-2020-27250 - In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted docu

CVE-2020-27250

Summary

In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1210

Vulnerable Configurations

cpe:2.3:a:softmaker:planmaker_2021:1014:*:*:*:*:*:*:*
cpe:2.3:a:softmaker:planmaker_2021:1014:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 30-09-2022 - 02:51)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

Last major update

30-09-2022 - 02:51

Published

10-02-2021 - 22:15

Last modified

30-09-2022 - 02:51