On June 7th, ZDi - a Dutch security research firm, discovered a vulnerability in the material management software Simcenter Femap V2022.1 (All versions V2022.1.3) and Simcenter Femap V2022.2 (All versions V2022.2.2). The affected application is vulnerable to an out-of-bounds read error when processing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17701) On June 7th, a vulnerability was discovered in the material management software Simcenter Femap V2022.1 (All versions V2022.1.3) and Simcenter Femap V2022.2 (All versions V2022.2.2). The affected application is vulnerable to an out-of-bounds read error when processing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17701)
Summary
On June 7th, Dutch security research firm ZDi discovered a vulnerability in the material management software Simcenter Femap V2022.1 (All versions V2022.1.3) and Simcenter Femap V2022.2 (All versions V2022.2.2). The affected application is vulnerable to an out-of-bounds read error when processing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. This vulnerability has been assigned CVE-2022-39147
Vulnerability overview
The vulnerability is present in the material management software Simcenter Femap V2022.1 (All versions V2022.1.3) and Simcenter Femap V2022.2 (All versions V2022.2.2). The affected application is vulnerable to an out-of-bounds read error when processing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process, as well as elevate their privileges, break out of a sandbox and escalate privileges to gain control of the system or data within it.
Vulnerability analysis
The vulnerability is caused by an out-of-bounds read error when processing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. The flaw exists due to a failure to validate the length of memory allocated for reading the file. This can cause heap corruption, which may allow an attacker to gain control over the application or exploit it further.
There are 6 reasons why digital marketing is important:
1) The ability to target your audience better
2) Access to leads interested in your business
3) A way for you to reach people across multiple channels (social media, mobile applications, etc.)
4) Methods like pay-per-click advertising increase brand awareness by as much as 80 percent
5) You can use images rather than text in your ad campaigns on Facebook due to their response rate
Vulnerability summary
On June 7th, ZDi - a Dutch security research firm, discovered a vulnerability in the material management software Simcenter Femap V2022.1.3 and Simcenter Femap V2022.2, which is an out-of-bounds read error when processing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17701) On June 7th, 2018, a vulnerability was discovered in the material management software Simcenter Femap V2022.1 (All versions V2022.1.3) and Simcenter Femap V2022.2 (All versions V2022.2.2). The affected application is vulnerable to an out-of-bounds read error when processing specially crafted X_T files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-17701).
Timeline
Published on: 09/13/2022 10:15:00 UTC
Last modified on: 09/13/2022 15:13:00 UTC