CVE-2018-18987
HIGHVT-Designer 2.1.7.31 - Deserialization of Untrusted Data
Title source: llmDescription
VT-Designer Version 2.1.7.31 is vulnerable by the program populating objects with user supplied input via a file without first checking for validity, allowing attacker supplied input to be written to known memory locations. This may cause the program to crash or allow remote code execution.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/106071
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-333-01
Scores
CVSS v3
8.8
EPSS
0.0320
EPSS Percentile
86.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
invt/vt-designer
2.1.7.31
Published
Nov 30, 2018
Tracked Since
Feb 18, 2026