CVE-2018-6328 The Swftools package is vulnerable to a remote code execution attack due to improper input validation. An attacker can trigger this issue by sending specially crafted XRDP packets. Swftools versions prior to 1.1.2 are vulnerable. To exploit this issue, an attacker needs to send XRDP traffic to the target user. Swftools versions 1.1.2 and later are patched to prevent remote code execution. Upgrade to swftools 1.1.2 or later to fix this vulnerability. In addition, the following mitigations are recommended to prevent this issue from being exploited:

- Do not open XRDP server on remote host.
- Disable XRDP in the server software.
- Patch the XRDP server software to prevent remote code execution.
- Patch the XRDP client software to prevent remote code execution.
- Restrict XRDP server access to authorized hosts.
- Restrict XRDP client access to authorized hosts.

Summary

CVE-2022-35088 The Swftools package is vulnerable to a remote code execution attack due to improper input validation. An attacker can trigger this issue by sending specially crafted XRDP packets. Swftools versions prior to 1.1.2 are vulnerable. To exploit this issue, an attacker needs to send XRDP traffic to the target user. Swftools versions 1.1.2 and later are patched to prevent remote code execution. Upgrade to swftools 1.1.2 or later to fix this vulnerability.

Timeline

Published on: 09/21/2022 00:15:00 UTC
Last modified on: 09/22/2022 13:56:00 UTC

References