Multiple vulnerabilities in WinHex

Posted date 28/11/2023
Identifier
INCIBE-2023-0524
Importance
4 - High
Affected Resources
  • WinHex 16.1 SR-1;
  • WinHex 20.4.

Description

INCIBE has coordinated the publication of 2 vulnerabilities affecting WinHex, a universal hexadecimal editor, which have been discovered by Rafael Pedrero.

These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

CVE-2023-6361 and CVE-2023-6362: CVSS v3.1: 7.3 | CVSS: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | CWE-119.

Solution

The vulnerabilities have been fixed in version 20.8 SR-4.

Detail
  • CVE-2023-6361 and CVE-2023-6362: a vulnerability has been discovered in WinHex affecting versions 16.1 SR-1 and 20.4. It is a buffer overflow that gives control of the Structured Exception Handler (SEH) registers. This could allow attackers to execute arbitrary code via a long filename argument.