CVE-2022-40655
CVSS 3.1 Score 7.8 of 10 (high)
Details
Summary
CVE-2022-40655 is a vulnerability affecting NIKON NIS-Elements Viewer 1.2100.1483.0. This issue allows remote attackers to execute arbitrary code on affected systems by exploiting a flaw in the parsing of ND2 files. The vulnerability arises due to the lack of proper validation of user-supplied data prior to copying it to a heap-based buffer. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. Successful attacks enable attackers to execute code in the context of the current process. ZDI-CAN-15071 first disclosed this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Vendors
- Nikon