easySoft software v7.20 di Eaton e prima sono suscettibili di tipo di file parsing confusione codice remoto vulnerabilità di esecuzione. Un’entità dannoso in grado di eseguire un codice maligno o fare il crash dell’applicazione ingannando utente caricare un file non valido .E70 nell’applicazione. La vulnerabilità si pone a causa di convalida errata dei dati degli utenti forniti attraverso il file di E70 che sta causando Tipo Confusione.
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf
https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/easySoft-eaton-vulnerability-advisory.pdf
https://www.zerodayinitiative.com/advisories/ZDI-20-1441/
https://www.zerodayinitiative.com/advisories/ZDI-20-1441/
https://www.zerodayinitiative.com/advisories/ZDI-20-1442/
https://www.zerodayinitiative.com/advisories/ZDI-20-1442/
https://www.zerodayinitiative.com/advisories/ZDI-20-1444/
https://www.zerodayinitiative.com/advisories/ZDI-20-1444/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6656