Remote Code Execution Vulnerability in Luxion KeyShot Viewer Due to KSP File Parsing
CVE-2024-30374

7.8HIGH

Key Information:

Vendor: Luxion
Status: Keyshot Viewer
Vendor: CVE Published:; 6 June 2024

Summary

The vulnerability in Luxion KeyShot Viewer arises from insufficient validation during the parsing of KSP files. This flaw allows attackers to exploit the system by causing an out-of-bounds write, leading to potential remote code execution. Accomplishing this requires user interaction, as the victim must open a harmful KSP file or visit a malicious website. Once exploited, attackers can execute arbitrary code in the context of the affected process, thereby compromising the integrity of the application and potentially the underlying system.

Affected Version(s)

KeyShot Viewer 2023.3_12.2.1.2

References

https://www.zerodayinitiative.com/advisories/ZDI-24-566/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 6, 2024
Vulnerability Reserved
Mar 26, 2024