CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4499 – Panasonic FPWIN Pro GetBlock Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4499
Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service (application crash) via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en Panasonic FPWIN Pro 5.x hasta la versión 7.x en versiones anteriores a 7.130 permite a usuarios locales provocar una denegación de servicio (caída de aplicación) a través de vectores no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to a write beyond the end of a heap buffer in the GetBlock method of the HEAPSTREAM object. • http://www.securityfocus.com/bid/90522 http://zerodayinitiative.com/advisories/ZDI-16-330 http://zerodayinitiative.com/advisories/ZDI-16-331 https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4498 – Panasonic FPWIN Pro CPlcSetting::Load Uninitialized Pointer Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4498
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an uninitialized pointer, which allows local users to cause a denial of service or possibly have unspecified other impact via unknown vectors. Panasonic FPWIN Pro 5.x hasta la versión 7.x en versiones anteriores a 7.130 accede a un puntero no inicializado, lo que permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to execution outside of normal paths due to an uninitialized pointer dereference. • http://www.securityfocus.com/bid/90521 http://zerodayinitiative.com/advisories/ZDI-16-332 https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4497 – Panasonic FPWIN Pro DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-4497
Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." Panasonic FPWIN Pro 5.x hasta la versión 7.x en versiones anteriores a 7.130 permite a usuarios locales provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que aprovechan "confusión de tipo". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing of a project file. A specially-crafted project file will lead to type confusion in DeleteAndCreateSysRegDecls_And_SaveSysRegDeclsDatabaseIdsToTheSysRegDeclInfoMap. • http://www.securityfocus.com/bid/90523 http://zerodayinitiative.com/advisories/ZDI-16-334 https://ics-cert.us-cert.gov/advisories/ICSA-16-131-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 71%CPEs: 1EXPL: 0CVE-2015-4647 – Panasonic Security API SDK Ipropsapi ActiveX Control FilePassword Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4647
Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method. Múltiples desbordamientos de buffer basado en pila en Ipropsapi en Panasonic Security API (PS-API) ActiveX SDK anterior a 8.10.18 permiten a atacantes remotos ejecutar código arbitrario a través de una cadena larga en la (1) propiedad FilePassword o en el (2) método GetStringInfo. This vulnerability could allow remote attackers to execute arbitrary code on vulnerable installations of the Panasonic Security API SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the FilePassword property. By setting FilePassword to a very large string, an attacker can cause a fixed-length stack buffer to overflow. • http://security.panasonic.com/pss/security/library/developer.html#SDK http://www.securityfocus.com/bid/75409 http://www.zerodayinitiative.com/advisories/ZDI-15-259 http://www.zerodayinitiative.com/advisories/ZDI-15-260 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 90%CPEs: 1EXPL: 0CVE-2015-4648 – Panasonic Security API SDK ipropsapivideo ActiveX Control MulticastAddr Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-4648
Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitrary code via a long string to the MulticastAddr method. Desbordamiento de buffer basado en pila en el control de ActiveX Ipropsapi.ipropsapiCtrl.1 en ipropsapivideo en Panasonic Security API (PS-API) ActiveX SDK anterior a 8.10.18 permite a atacantes remotos ejecutar código arbitrario a través de una cadena larga en el método MulticastAddr. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic Security API. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Ipropsapi.ipropsapiCtrl.1 ActiveX control. By passing an overly long string to the MulticastAddr method, an attacker can overflow a buffer on the stack. • http://security.panasonic.com/pss/security/library/developer.html#SDK http://www.securityfocus.com/bid/75405 http://www.zerodayinitiative.com/advisories/ZDI-15-261 • CWE-20: Improper Input Validation •