The specific flaw exists within the parsing of a pm3 project file. A heap-based buffer overflow vulnerability exists in a call to memcpy. An attacker can leverage this vulnerability to execute arbitrary code in the context of the process. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
CVE Link
Exploit Platform
Exploit Type
Product Name