File Parsing Type Confusion Vulnerability in Ashlar-Vellum Cobalt XE
CVE-2024-13049

7.8 HIGH

Key Information:

CVE Published: 30 December 2024

What is CVE-2024-13049?

A type confusion vulnerability exists in the way Ashlar-Vellum Cobalt XE parses XE files: the parser does not sufficiently validate user-supplied data. Remote attackers can exploit this flaw to execute arbitrary code in the context of the affected application. Exploitation requires user interaction, in that the target user must visit a malicious web page or open a compromised XE file. Proper safeguards in file parsing and validation mechanisms are crucial to mitigate this threat.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
