Multiple vulnerabilities in WinHex

Posted date 28/11/2023

Importance

4 - High

Affected Resources

WinHex 16.1 SR-1;
WinHex 20.4.

Description

INCIBE has coordinated the publication of 2 vulnerabilities affecting WinHex, a universal hexadecimal editor, which have been discovered by Rafael Pedrero.

These vulnerabilities have been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

CVE-2023-6361 y CVE-2023-6362: CVSS v3.1: 7.3 | CVSS: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-119.

Solution

The vulnerabilities have been fixed in v20.8 SR-4 version.

Detail

CVE-2023-6361 and CVE-2023-6362: a vulnerability has been discovered in Winhex affecting version 16.1 SR-1 and 20.4. This vulnerability consists of a buffer overflow controlling the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.

References list

Vendor website

Etiquetas

0day
Update
CNA
Vulnerability