Remote Code Execution Flaw in OpenText Brava! Desktop by OpenText
CVE-2021-31490

7.8HIGH

Key Information:

Vendor: Opentext
Status: Brava! Desktop
Vendor: CVE Published:; 15 June 2021

Summary

This security weakness in OpenText Brava! Desktop affects version 16.6.3.84 and allows remote attackers to execute arbitrary code. The vulnerability arises from improper validation of user input while parsing DWF files, leading to potential buffer overflows. Successful exploitation requires user interaction, such as visiting a malicious webpage or opening a compromised file. Once triggered, attackers can execute code in the context of the affected process, posing significant risks to system integrity and data security.

Affected Version(s)

Brava! Desktop 16.6.3.84

References

https://www.zerodayinitiative.com/advisories/ZDI-21-630/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2021
Vulnerability Reserved
Apr 16, 2021

Credit

rgod