CVE-2015-2061 – PTC Creo View Heap Buffer Overflow Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-2061

Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. Desbordamiento de buffer basado en memoria dinámica en el plugin browser para PTC Creo View permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran configurar un buffer grande a un atributo no especificado. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PTC Creo View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Creo View browser plugin. An attacker can trigger a heap overflow, by setting a large buffer to a specific attribute. • http://www.securityfocus.com/bid/72836 http://www.zerodayinitiative.com/advisories/ZDI-15-051 https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS172389 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •