Vulnerability Details : CVE-2017-14627
Public exploit exists!
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2017-14627
Probability of exploitation activity in the next 30 days: 56.25%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2017-14627
-
CyberLink LabelPrint 2.5 Stack Buffer Overflow
Disclosure Date: 2017-09-23First seen: 2020-04-26exploit/windows/fileformat/cyberlink_lpp_bofThis module exploits a stack buffer overflow in CyberLink LabelPrint 2.5 and below. The vulnerability is triggered when opening a .lpp project file containing overly long string characters via open file menu. This results in overwriting a structured exception handler record
CVSS scores for CVE-2017-14627
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
7.8
|
HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2017-14627
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-14627
-
https://www.exploit-db.com/exploits/45985/
CyberLink LabelPrint 2.5 - Stack Buffer Overflow (Metasploit)
-
https://www.exploit-db.com/exploits/42777/
CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)Exploit;Third Party Advisory;VDB Entry
-
https://blog.spentera.com/2017/09/19/unicode-stack-based-buffer-overflow-on-cyberlink-labelprint-2-5/
Exploit;Technical Description;Third Party Advisory
Products affected by CVE-2017-14627
- cpe:2.3:a:cyberlink:labelprint:2.5:*:*:*:*:*:*:*