Out-Of-Bounds Write Vulnerability in Ashlar-Vellum Cobalt XE File Parsing
CVE-2024-13048

7.8HIGH

Key Information:

Vendor: Ashlar-Vellum
Status: Cobalt
Vendor: CVE Published:; 30 December 2024

🔔 Create Ashlar-Vellum Vulnerability Alert

What is CVE-2024-13048?

The vulnerability in Ashlar-Vellum Cobalt XE revolves around the improper validation of user-supplied data during the parsing of XE files. This flaw enables attackers to manipulate the content of these files, potentially allowing them to execute arbitrary code in the context of the affected application. To exploit this vulnerability, an attacker must entice a user to open a malicious XE file or visit a specially crafted webpage. This negligence in handling user data can lead to critical security risks for affected users and organizations.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1732/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 30, 2024