[Update notice] Screen Creator Advance 2 software of GC-A2 Series
A vulnerability was found in Screen Creator Advance 2.
We will inform you of the contents and how to deal with it.
Please confirm the contents and apply the follow solution.
Product: Screen Creator Advance 2
Version: Prior to Ver.0.1.1.4 Build01A
Screen Creator Advance 2 contains a vulnerability listed below.
Vulnerability) Improper Restriction of Operations within the Bounds of a Memory Buffer
When a project file is opened in Screen Creator Advance 2, the process of reading the control information associated with the screen information contained in the file does not properly check the size of the data being handled.
Therefore, it is possible to read and write memory that is out of range by crafting the size in the project file in advance.
|CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Base score: 7.8
Information disclosure and/or arbitrary code execution may occur by having a user to open a specially crafted project file.
Update Screen Creator Advance 2
The version that contains a fix for this vulnerability is as follows.
The version not only addresses the vulnerability, but also takes measures to prevent crafted project file from being opened.
Version: Ver.0.1.1.4 Build01B and above
The latest version can be downloaded from the following our website.
Michael Heinzl reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with us.