First published: Tue Nov 05 2019(Updated: )
An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending the user a specially crafted BMP file.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Investintech Able2Extract | =14.0.7 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2019-5088.
CVE-2019-5088 has a severity level of 7.8, which is considered high.
Investintech Able2Extract Professional 14.0.7 x64 is affected by CVE-2019-5088.
CVE-2019-5088 can be triggered by sending a specially crafted BMP file.
To mitigate the impact of CVE-2019-5088, it is recommended to update Investintech Able2Extract Professional to a version that includes a fix for the vulnerability.