What is the vulnerability ID for the Sante DICOM Viewer Pro vulnerability?

The vulnerability ID is CVE-2022-24059.

What is the severity rating of the Sante DICOM Viewer Pro vulnerability?

The severity rating of the vulnerability is 7.8 (high).

How can remote attackers exploit the Sante DICOM Viewer Pro vulnerability?

Remote attackers can exploit the vulnerability by executing arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0.

What is the affected version of Sante DICOM Viewer Pro?

The affected version is 11.8.7.0.

Is user interaction required to exploit the Sante DICOM Viewer Pro vulnerability?

Yes, user interaction is required as the target must visit a malicious page or open a malicious file.

Are there any references available for the Sante DICOM Viewer Pro vulnerability?

Yes, you can find more information about the vulnerability at the following reference: [link](https://www.zerodayinitiative.com/advisories/ZDI-22-251/)

What is the Common Weakness Enumeration (CWE) ID for the Sante DICOM Viewer Pro vulnerability?

The Common Weakness Enumeration (CWE) ID for the vulnerability is CWE-787.

Vulnerability/
CVE-2022-24059

high

7.8

CWE

787

18/2/2022

3/8/2024

CVE-2022-24059: Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

First published: Fri Feb 18 2022(Updated: )

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. Crafted data in a DCM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process Was ZDI-CAN-15098.

Credit: zdi-disclosures@trendmicro.com

Affected Software	Affected Version	How to fix
Santesoft Dicom Viewer Pro	=11.8.7

Never miss a vulnerability like this again

Reference Links

https://www.zerodayinitiative.com/advisories/ZDI-22-251/

Frequently Asked Questions

What is the vulnerability ID for the Sante DICOM Viewer Pro vulnerability?
The vulnerability ID is CVE-2022-24059.
What is the title of the Sante DICOM Viewer Pro vulnerability?
The title of the vulnerability is Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability.
What is the severity rating of the Sante DICOM Viewer Pro vulnerability?
The severity rating of the vulnerability is 7.8 (high).
How can remote attackers exploit the Sante DICOM Viewer Pro vulnerability?
Remote attackers can exploit the vulnerability by executing arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0.
What is the affected version of Sante DICOM Viewer Pro?
The affected version is 11.8.7.0.
Is user interaction required to exploit the Sante DICOM Viewer Pro vulnerability?
Yes, user interaction is required as the target must visit a malicious page or open a malicious file.
Are there any references available for the Sante DICOM Viewer Pro vulnerability?
Yes, you can find more information about the vulnerability at the following reference: [link](https://www.zerodayinitiative.com/advisories/ZDI-22-251/)
What is the Common Weakness Enumeration (CWE) ID for the Sante DICOM Viewer Pro vulnerability?
The Common Weakness Enumeration (CWE) ID for the vulnerability is CWE-787.

collector/nvd-index
agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/title
agent/weakness
agent/author
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/softwarecombine
collector/zdi-advisory
source/ZDI
alias/ZDI-22-251
alias/ZDI-CAN-15098
alias/CVE-2022-24059
agent/software-canonical-lookup
agent/event
agent/trending
agent/tags
agent/source
vendor/santesoft
canonical/santesoft dicom viewer pro
version/santesoft dicom viewer pro/11.8.7
vendor/sante
canonical/sante dicom viewer pro