CVE-2017-6953: Buffer Overflow
First published: Mon May 08 2017(Updated: )
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gemalto SmartDiag Diagnosis Tool | <=2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-6953?
CVE-2017-6953 has a critical severity due to the potential for local code execution through a stack-based buffer overflow.
How do I fix CVE-2017-6953?
To fix CVE-2017-6953, update to a version of Gemalto SmartDiag Diagnosis Tool later than 2.5 to mitigate the vulnerability.
What software is affected by CVE-2017-6953?
CVE-2017-6953 affects Gemalto SmartDiag Diagnosis Tool version 2.5 and earlier.
Can CVE-2017-6953 be exploited remotely?
CVE-2017-6953 primarily poses a risk of local exploitation through untrusted input, rather than remote attacks.
What are the potential consequences of CVE-2017-6953?
Exploitation of CVE-2017-6953 may lead to local code execution, allowing an attacker to run arbitrary code on the affected system.
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- vendor/gemalto
- canonical/gemalto smartdiag diagnosis tool
- version/gemalto smartdiag diagnosis tool/2.5