Vulnerabilites related to sweetscape - 010_editor
CVE-2019-12551 (GCVE-0-2019-12551)
Vulnerability from cvelistv5
Published
2019-07-22 19:31
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm | x_refsource_MISC | |
| https://github.com/ereisr00/bagofbugz/blob/master/010Editor | x_refsource_MISC | |
| https://ereisr00.github.io/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ereisr00.github.io/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T19:31:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ereisr00.github.io/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm",
"refsource": "MISC",
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"name": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor",
"refsource": "MISC",
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"name": "https://ereisr00.github.io/",
"refsource": "MISC",
"url": "https://ereisr00.github.io/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12551",
"datePublished": "2019-07-22T19:31:57",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12555 (GCVE-0-2019-12555)
Vulnerability from cvelistv5
Published
2019-06-05 16:17
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sweetscape.com/010editor/release_notes.html | x_refsource_CONFIRM | |
| https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T16:17:25",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sweetscape.com/010editor/release_notes.html",
"refsource": "CONFIRM",
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"name": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt",
"refsource": "MISC",
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12555",
"datePublished": "2019-06-05T16:17:25",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-5229 (GCVE-0-2010-5229)
Vulnerability from cvelistv5
Published
2012-09-07 10:00
Modified
2024-09-17 02:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sweetscape.com/010editor/release_notes.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/41094 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:17:10.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sweetscape.com/010editor/release_notes.html"
},
{
"name": "41094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41094"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-09-07T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sweetscape.com/010editor/release_notes.html"
},
{
"name": "41094",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41094"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sweetscape.com/010editor/release_notes.html",
"refsource": "CONFIRM",
"url": "http://www.sweetscape.com/010editor/release_notes.html"
},
{
"name": "41094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41094"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-5229",
"datePublished": "2012-09-07T10:00:00Z",
"dateReserved": "2012-09-07T00:00:00Z",
"dateUpdated": "2024-09-17T02:11:47.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12552 (GCVE-0-2019-12552)
Vulnerability from cvelistv5
Published
2019-07-22 19:40
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm | x_refsource_MISC | |
| https://github.com/ereisr00/bagofbugz/blob/master/010Editor | x_refsource_MISC | |
| https://ereisr00.github.io/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:39.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ereisr00.github.io/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-22T19:40:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ereisr00.github.io/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm",
"refsource": "MISC",
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"name": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor",
"refsource": "MISC",
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"name": "https://ereisr00.github.io/",
"refsource": "MISC",
"url": "https://ereisr00.github.io/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12552",
"datePublished": "2019-07-22T19:40:37",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:39.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12554 (GCVE-0-2019-12554)
Vulnerability from cvelistv5
Published
2019-06-05 16:23
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sweetscape.com/010editor/release_notes.html | x_refsource_CONFIRM | |
| https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.985Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T16:23:49",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sweetscape.com/010editor/release_notes.html",
"refsource": "CONFIRM",
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"name": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt",
"refsource": "MISC",
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12554",
"datePublished": "2019-06-05T16:23:49",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.985Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12553 (GCVE-0-2019-12553)
Vulnerability from cvelistv5
Published
2019-06-05 16:20
Modified
2024-08-04 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.sweetscape.com/010editor/release_notes.html | x_refsource_CONFIRM | |
| https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:24:38.777Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-04-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-05T16:20:28",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sweetscape.com/010editor/release_notes.html",
"refsource": "CONFIRM",
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"name": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt",
"refsource": "MISC",
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12553",
"datePublished": "2019-06-05T16:20:28",
"dateReserved": "2019-06-02T00:00:00",
"dateUpdated": "2024-08-04T23:24:38.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2019-07-22 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://ereisr00.github.io/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/ereisr00/bagofbugz/blob/master/010Editor | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ereisr00.github.io/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ereisr00/bagofbugz/blob/master/010Editor | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sweetscape | 010_editor | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sweetscape:010_editor:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B36AB4CA-0A26-4E37-A093-C06C0CB63B1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service."
},
{
"lang": "es",
"value": "En SweetScape 010 Editor versi\u00f3n 9.0.1, un desbordamiento de enteros durante la inicializaci\u00f3n de variables podr\u00eda permitir que un atacante provoque una condici\u00f3n de denegaci\u00f3n de servicio."
}
],
"id": "CVE-2019-12552",
"lastModified": "2024-11-21T04:23:05.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-22T20:15:10.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://ereisr00.github.io/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://ereisr00.github.io/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 17:29
Modified
2024-11-21 04:23
Severity ?
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sweetscape.com/010editor/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sweetscape.com/010editor/release_notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sweetscape | 010_editor | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sweetscape:010_editor:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B36AB4CA-0A26-4E37-A093-C06C0CB63B1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the SubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application."
},
{
"lang": "es",
"value": "En SweetScape 010 Editor 9.0.1, la validaci\u00f3n incorrecta de los argumentos en la implementaci\u00f3n interna de la funci\u00f3n SubStr (proporcionada por el motor de secuencias de comandos) permite que un atacante provoque una denegaci\u00f3n de servicio al bloquear la aplicaci\u00f3n."
}
],
"id": "CVE-2019-12555",
"lastModified": "2024-11-21T04:23:05.623",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T17:29:00.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/SubStr.bt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 17:29
Modified
2024-11-21 04:23
Severity ?
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sweetscape.com/010editor/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sweetscape.com/010editor/release_notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sweetscape | 010_editor | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sweetscape:010_editor:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B36AB4CA-0A26-4E37-A093-C06C0CB63B1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the WSubStr function (provided by the scripting engine) allows an attacker to cause a denial of service by crashing the application."
},
{
"lang": "es",
"value": "En SweetScape 010 Editor 9.0.1, la validaci\u00f3n incorrecta de los argumentos en la implementaci\u00f3n interna de la funci\u00f3n WSubStr (proporcionada por el motor de secuencias de comandos) permite que un atacante provoque una denegaci\u00f3n de servicio al bloquear la aplicaci\u00f3n."
}
],
"id": "CVE-2019-12554",
"lastModified": "2024-11-21T04:23:05.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T17:29:00.337",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/WSubStr.bt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-09-07 10:32
Modified
2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sweetscape | 010_editor | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sweetscape:010_editor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD5D147-EC3F-40C6-B133-1D7C6BA83F04",
"versionEndIncluding": "3.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in 010 Editor before 3.1.3 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .hex file. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en 010 Editor anterior a v3.1.3 permite a usuarios locales obtener privilegios a trav\u00e9s de un archivo wintab32.dll caballo de troya en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. Hex. NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html \u0027CWE-426 Untrusted Search Path\u0027",
"id": "CVE-2010-5229",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-09-07T10:32:19.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41094"
},
{
"source": "cve@mitre.org",
"url": "http://www.sweetscape.com/010editor/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sweetscape.com/010editor/release_notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-06-05 17:29
Modified
2024-11-21 04:23
Severity ?
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sweetscape.com/010editor/release_notes.html | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sweetscape.com/010editor/release_notes.html | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sweetscape | 010_editor | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sweetscape:010_editor:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B36AB4CA-0A26-4E37-A093-C06C0CB63B1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution."
},
{
"lang": "es",
"value": "En SweetScape 010 Editor 9.0.1, la validaci\u00f3n incorrecta de los argumentos en la implementaci\u00f3n interna de la funci\u00f3n StrCat (proporcionada por el motor de scripting) permite que un atacante sobrescriba la memoria arbitraria, lo que podr\u00eda llevar a la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2019-12553",
"lastModified": "2024-11-21T04:23:05.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T17:29:00.287",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/release_notes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-07-22 20:15
Modified
2024-11-21 04:23
Severity ?
Summary
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://ereisr00.github.io/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://github.com/ereisr00/bagofbugz/blob/master/010Editor | Exploit, Third Party Advisory | |
| cve@mitre.org | https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ereisr00.github.io/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ereisr00/bagofbugz/blob/master/010Editor | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sweetscape | 010_editor | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sweetscape:010_editor:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B36AB4CA-0A26-4E37-A093-C06C0CB63B1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution."
},
{
"lang": "es",
"value": "En SweetScape 010 Editor versi\u00f3n 9.0.1, la validaci\u00f3n incorrecta de los argumentos en la implementaci\u00f3n interna de la funci\u00f3n Memcpy (proporcionada por el motor de secuencias de comandos) permite que un atacante sobrescriba la memoria arbitraria, lo que podr\u00eda llevar a la ejecuci\u00f3n del c\u00f3digo."
}
],
"id": "CVE-2019-12551",
"lastModified": "2024-11-21T04:23:05.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-07-22T20:15:10.173",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://ereisr00.github.io/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://ereisr00.github.io/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ereisr00/bagofbugz/blob/master/010Editor"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.sweetscape.com/010editor/manual/ReleaseNotes.htm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}