CVE-2024-11581
CVSS 3.0 Score 7.8 of 10 (high)
Details
Summary
CVE-2024-11581 is a remote code execution vulnerability affecting Luxion KeyShot. Malicious jt files can trigger an out-of-bounds read issue in the software's parsing process, which allows attackers to execute arbitrary code on affected installations. User interaction is essential for exploitation, as the target must visit a malicious page or open the malicious file. The root cause of this vulnerability lies in insufficient validation of user-supplied data, leading to reading data before the start of an allocated buffer. This issue was identified as ZDI-CAN-23826.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.