CVE-2010-20114

Exploit

EPSS 9.87%
Veröffentlicht 21.08.2025 20:14:47
Zuletzt bearbeitet 22.08.2025 18:08:51
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerVariCAD

≫

Produkt VariCAD EN

Default Statusunaffected

Version <= 2010-2.05

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	9.87%	0.926

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
disclosure@vulncheck.com	8.4	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/varicad_dwb.rb

https://www.exploit-db.com/exploits/11789

https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26522

https://www.seebug.org/vuldb/ssvid-71154

https://www.varicad.com/en/home/

https://www.fortiguard.com/encyclopedia/ips/18735

https://www.vulncheck.com/advisories/varicad-en-dwb-file-stack-buffer-overflow

https://nvd.nist.gov/vuln/detail/CVE-2010-20114

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-20114

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-20114

EUVD