CVE-2019-12553
CRITICALSweetScape 010 Editor 9.0.1 - Out-of-bounds Write via StrCat Function
Title source: llmDescription
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the StrCat function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.sweetscape.com/010editor/release_notes.html
Exploit, Third Party Advisory x_refsource_misc
https://github.com/ereisr00/bagofbugz/blob/master/010Editor/strcat_heap_overflow.bt
Scores
CVSS v3
9.8
EPSS
0.0244
EPSS Percentile
82.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
sweetscape/010_editor
9.0.1
Published
Jun 05, 2019
Tracked Since
Feb 18, 2026