Type Confusion in Delta Electronics DRASimuCAD STP File Parsing
CVE-2024-12834

Currently unrated

Key Information:

Vendor: Delta Electronics
Status: Drasimucad
Vendor: CVE Published:; 30 December 2024

Summary

The type confusion vulnerability in Delta Electronics DRASimuCAD arises due to improper validation of user-provided data during the parsing of STP files. This flaw can be exploited by a remote attacker through a specially crafted malicious file or webpage that prompts user interaction. Once activated, the attacker can execute arbitrary code within the context of the affected process, potentially compromising the security of the system. This vulnerability emphasizes the importance of stringent data validation and user awareness of file origins.

Affected Version(s)

DRASimuCAD 1.02

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1722/

x_research-advisory

Timeline

Vulnerability published
Dec 30, 2024