Remote Code Execution Vulnerability in OpenText Brava! Desktop
CVE-2021-31489
7.8 HIGH
Summary
A remote code execution vulnerability in OpenText Brava! Desktop allows attackers to execute arbitrary code. The flaw is in the parsing of DWF files: user-supplied data is not properly validated, which can result in a write past the end of an allocated buffer. Exploitation requires the victim to open a malicious file or visit a malicious web page, which triggers code execution in the context of the vulnerable application.
Affected Version(s)
Brava! Desktop 16.6.3.84
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
rgod