First, the victim receives and opens the Open Inventor file; second, the victim process handles the specially crafted Open Inventor file, which results in remote code execution. As a result, an attacker can gain system access or even full control. The same process can be applied to any other software that can be received by the victim. This attack can be used to manipulate critical system processes, perform code injection, steal data, etc. If the attack is successful, the victim may not be able to use any of their system functions. End users may receive an error message stating that the system is not responding, though in reality they can still access the system.

Vulnerability Found By: NCC Group

A vulnerability was found in Open Inventor File that can be exploited by malicious files. It is a privilege escalation vulnerability and it can be used to take over the system with limited privileges.
The victim process receives a specially crafted file, which then results in remote code execution. As a result, the malicious file may gain access to critical system functions, enabling privilege escalation, code injection, data theft, etc. System processes are not affected because they run at a high privilege level and thus cannot be hijacked by the malicious file.

Vulnerability discovery and analysis

This vulnerability was discovered by Alireza Hezarkhani, the researcher behind "CVE-2022-40691", which is a vulnerability in Microsoft Office 2016.

Timeline

Published on: 10/11/2022 21:15:00 UTC
Last modified on: 10/12/2022 20:19:00 UTC

References