In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.
En TPEditor, de Delta Industrial Automation TPEditor, en versiones 1.90 y anteriores, podrían explotarse vulnerabilidades de desbordamiento de búfer basado en pila procesando archivos de proyecto especialmente manipulados que carecen de validación de entradas por parte del usuario antes de copiar los datos de los archivos de proyecto en la pila, lo que podría permitir que un atacante ejecute código arbitrario de forma remota.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation TPEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of MRC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
