1. EXECUTIVE SUMMARY
- CVSS v3 7.8
- ATTENTION: Low attack complexity
- Vendor: Santesoft
- Equipment: Sante DICOM Viewer Pro
- Vulnerability: Out-of-Bounds Read
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code on affected installations of the product.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Santesoft products and versions are affected:
- Sante DICOM Viewer Pro: Versions 14.0.3 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user opening a malicious DICOM file could allow a local attacker to disclose information or execute arbitrary code.
CVE-2024-1453 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Cyprus
3.4 RESEARCHER
Michael Heinzl reported this vulnerability to CISA.
4. MITIGATIONS
Santesoft released an updated version of their product and recommends updating Sante DICOM Viewer Pro to v14.0.4 or later.
CISA recommends users take the following measures to protect themselves from social engineering attacks:
- Do not click web links or open attac
[…]