CVE-2018-7509 – Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2018-7509

WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. WPLSoft en Delta Electronics en versiones 2.45.0 y anteriores escribe datos desde un archivo fuera de los límites del espacio de búfer planeado, lo que podría provocar la corrupción de la memoria o permitir la ejecución remota de código. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of .dvp files. The issue results from the lack of proper validation of user-supplied data, which can result in a write outside the bounds of an allocated data structure. • http://www.securityfocus.com/bid/103179 https://ics-cert.us-cert.gov/advisories/ICSA-18-058-02 • CWE-787: Out-of-bounds Write •