We updated Screen Creator Advance2 for GC-A2 Series, and released installer of new version(Ver0111B04).

1.Overview

A vulnerability was found in Screen Creator Advance 2.

We will inform you of the contents and how to deal with it.

Please confirm the contents and apply the follow solution.

2.Products Affected

Product: Screen Creator Advance 2

Version: Ver.0.1.1.1 Build02 and earlier

3.Description

Remote code execution vulnerability caused stack based buffer overflow in file parsing.

CVE ID:CVE-2022-27648

Other ID:ZDI-CAN-14868

CVSS v3 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H  Base Score: 7.8

4.Impact

Information arbitrary code execution may occur by having a user to open a specially crafted file.

5.Solution

Update Screen Creator Advance 2

The version that contains the fix for this vulnerability is as follows.

Ver.0.1.1.1 Build04

6. Credit

This vulnerability was discovered by:

Tran Van Khang-khangkito (VinCSS) working with Trend Micro Zero Day Initiative.