Headline

CVE-2022-34465

A vulnerability has been identified in Parasolid V33.1 (All versions), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap (All versions). The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15420)

2 years ago

CVE

Open in Source

#vulnerability #pdf

%PDF-1.5 %�� 59 0 obj << /Length 2488 /Filter /FlateDecode >> stream x��r�8��j#ؗ�\ܱ�JO’�XrRS�>�%�fE5$’�e��i��o�@�F8z{��%בAFR͖��HK)c� *�-�/�4K�馜�R��i:��S"��߲2�I��0�ׄ�ǭ�WE��ͫ7�X=��9��bv��< �b$��O��-ݻ��g0^Eӓ��@T�ۂi�SB"��L͑Q|��G��0d�RM ��ԁAӳS�#��!ADD�� F�10(��!,0�u��l��n(�|ߐĴs�1r�� L��ƴ��գ��B��j�㨀)�@ 1!�`\t4��D�x�ڤE�W��u@��`��:�(]�H+3D�ƅhӑmz�Ir�X�bj ��!��R��tS��!��iD�Q��\"jF1��dL��/�u��D�> wL�Q�G :�4�$��{�Y��,�bP⠪��`A�і�H�|��qtJ�lxؿs1n�͓*�7>��’U��4��S�N ��vB��q�O��.�.�ybכ]Q��&�iQ�鰛M�O��z�}�N��o ?�5)��yaPR� �Ge!93(��:�X�Ц!��2�bz��D��.��@� ��lݲ\��/’��ܣ�-7��p��H��ܿ/�0X.��y��W _�r��* �aQ��,J?�q��ߜ7w���$@��U}�ÁŕM�d��ަE��l/��$(��:�$N� �nJ ��0��UZ��,��pq��6��2^’E��[��gWzN�� W�4�Ax��|[c��@1�w�Gˣx�Uw]��U ��J��M ~8�z!j’U�4�-�l-X��s�6>ަ~�� Űn��:��y�0S��=R� 6X�m:G�s�r��{��ɘ�� I��`�~3 �Mϱ-�yZ:� 9�߄� ۀ�/�X��%nꞮR�!?�sn,�ZN��xn �M’+?o� /j��/�A�t�A�| ,��d��G��<�0��T��+��FH �L{�je�.N�M�j�Y��6 ٦�[ڂ�c{v�E�� x��A�x.��<��?�Ϡ��]Q�XZ�;~:�:J`��@�P;�"��!xH��M^��G��>��ǥ$[%>�{��P� �D��P6"V��Ǌ��ˋ7��j�dY��P7R�Wg1�� !o��R��յe��7�i_�Ճ>�#]�8��La�&��C�)ň�8�̡3Fq"�!n�q�ڈO?�~3{��C��Z�G!9�H��1��s��B0�PP��X Yw>��6��\��!�ىic�)�m R.�h��

SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.