Remote Code Execution Vulnerability in OpenText Brava! Desktop by OpenText
CVE-2021-31512

7.8HIGH

Key Information:

Vendor: Opentext
Status: Brava! Desktop
Vendor: CVE Published:; 29 June 2021

Summary

A recently discovered vulnerability in OpenText Brava! Desktop allows attackers to execute arbitrary code through the exploitation of TIF file parsing. This flaw stems from inadequate validation of user-supplied data, allowing an attacker to trigger a buffer over-read if a user opens a specially crafted file or visits a malicious webpage. Successful exploitation could lead to remote code execution within the context of the affected process, posing significant risks to sensitive data and system integrity.

Affected Version(s)

Brava! Desktop Build 16.6.4.55

References

https://www.zerodayinitiative.com/advisories/ZDI-21-690/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 29, 2021
Vulnerability Reserved
Apr 16, 2021

Credit

Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative