CVE-2017-8387

MEDIUM

Stdutility Stdu Viewer - Memory Corruption

Title source: rule

Description

STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ commands.

References (1)

[Exploit, Third Party Advisory] https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8387

Scores

CVSS v3 5.5

EPSS 0.0038

EPSS Percentile 59.0%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (2)

stdutility/stdu_viewer

n/a/n/a

Published Jul 05, 2017

Tracked Since Feb 18, 2026