CNNVD-202508-2540 Information

CNNVD ID

CNNVD-202508-2540

Related CVE

CVE-2010-20114

• CNNVD Published: 2025-08-21

Description (Chinese)

VariCAD EN是捷克VariCAD公司的一款机械工程设计软件。 VariCAD EN 2010-2.05及之前版本存在安全漏洞，该漏洞源于解析.dwb文件时未验证输入长度，可能导致栈缓冲区溢出和执行任意代码。

Description (English)

VariCAD En is a mechanical engineering design software for the Czech company VariCAD. There is a security loophole in the Varicad EN 2010-2.05 and earlier versions, which stems from the failure to verify the input length when deciphering the.dwb file, which could lead to the spilling out of the fence and the implementation of any code.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

VariCAD

Published

2025-08-21

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/11789 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/varicad_dwb.rb https://www.vulncheck.com/advisories/varicad-en-dwb-file-stack-buffer-overflow https://www.varicad.com/en/home/ https://www.seebug.org/vuldb/ssvid-71154 https://www.fortiguard.com/encyclopedia/ips/18735 https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=26522 https://nvd.nist.gov/vuln/detail/CVE-2010-20114