N/A

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716.

N/A

跨界内存写

OpenText Brava! 缓冲区错误漏洞

Opentext OpenText Brava!是加拿大OpenText（Opentext）公司的一款基于浏览器的通用文档查看器。该产品支持查看、注释和编辑多种类型的文档。 OpenText Brava! Desktop存在缓冲区错误漏洞，该漏洞源于缺乏对用户提供的数据的正确验证，这可能导致写入超出已分配的缓冲区的末端。此漏洞允许远程攻击者可利用该漏洞在受影响的OpenText Brava! Desktop上执行任意代码。需要用户交互来利用这个漏洞，因为目标必须访问一个恶意页面或打开一个恶意文件。具体的缺

N/A

N/A