Primary

Context

V-SFT Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Patched

A stack-based buffer overflow vulnerability has been identified in V-SFT versions through 6.2.5.0. The issue arises in the VS6File!CTxSubFile::get_ProgramFile_name function, where opening specially crafted V7 or V8 files can lead to a crash, information disclosure, and arbitrary code execution.

Impact

Exploitation of this vulnerability can cause a crash, unauthorized information disclosure, and allow for arbitrary code execution on the affected system.

Remediation

Users are advised to update to V-SFT version 6.2.6.0 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

V-SFT Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

Impact

Remediation

Affected Products

FUJI ELECTRIC V-SFT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating