CVE-2017-7908 : Security Advisory and Response

Discover the heap-based buffer overflow vulnerability in GE Communicator 3.15 and earlier versions due to Gigasoft v5. Learn about the impact, affected systems, exploitation, and mitigation steps.

GE Communicator 3.15 and prior versions are affected by a heap-based buffer overflow vulnerability due to Gigasoft v5. This CVE was published on October 2, 2018, by ICS-CERT.

Understanding CVE-2017-7908

This CVE involves a heap-based buffer overflow vulnerability in GE Communicator.

What is CVE-2017-7908?

The vulnerability arises from the third-party product Gigasoft v5 and earlier, which is included in GE Communicator 3.15 and prior. It can be exploited by a malicious HTML file that loads ActiveX controls and makes unchecked function calls.

The Impact of CVE-2017-7908

The vulnerability allows attackers to execute arbitrary code or cause a denial of service by triggering the buffer overflow.

Technical Details of CVE-2017-7908

GE Communicator is susceptible to a heap-based buffer overflow vulnerability due to Gigasoft v5.

Vulnerability Description

A heap-based buffer overflow exists in Gigasoft v5, included in GE Communicator 3.15 and earlier. An attacker can exploit this by using a malicious HTML file to trigger the vulnerability through unchecked function calls.

Affected Systems and Versions

        Product: GE Communicator
        Vendor: GE
        Versions Affected: Communicator 3.15 and prior

Exploitation Mechanism

The vulnerability can be exploited by a malicious HTML file that loads ActiveX controls and makes unchecked function calls.

Mitigation and Prevention

To address CVE-2017-7908, follow these steps:

Immediate Steps to Take

        Disable ActiveX controls in web browsers.
        Implement proper input validation to prevent buffer overflows.
        Regularly update GE Communicator to the latest version.
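
One way to apply the first step on Windows hosts where Internet Explorer is still present, as an added example that is not part of the original advisory or of any GE tooling: the script lists ActiveX controls registered from a given install path and reports whether the Internet Explorer kill bit is set for each, setting it only when run with -Apply. The path pattern is a placeholder assumption, since the page gives neither the control's CLSID nor its file names.

```powershell
# Added example: audit (and optionally set) the IE kill bit for ActiveX controls
# whose DLL/OCX is registered from a given directory.
param(
    # Assumption: placeholder pattern, replace with the real install directory.
    [string]$PathPattern = '*\PLACEHOLDER-GE-Communicator-install-dir\*',
    [switch]$Apply   # without -Apply the script only reports
)

$KillBit = 0x400     # "Compatibility Flags" bit that stops IE instantiating a control
$views = @(          # native and 32-bit-on-64-bit registry views
    @{ Classes = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
       Compat  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

foreach ($view in $views) {
    if (-not (Test-Path $view.Classes)) { continue }
    foreach ($clsidKey in Get-ChildItem -Path $view.Classes -ErrorAction SilentlyContinue) {
        $serverKey = Join-Path $clsidKey.PSPath 'InprocServer32'
        if (-not (Test-Path -LiteralPath $serverKey)) { continue }
        # Default value of InprocServer32 is the path of the DLL/OCX that implements the control.
        $server = (Get-Item -LiteralPath $serverKey).GetValue('')
        if (-not $server -or $server -notlike $PathPattern) { continue }

        $clsid     = $clsidKey.PSChildName
        $compatKey = Join-Path $view.Compat $clsid
        $flags     = 0
        if (Test-Path -LiteralPath $compatKey) {
            $flags = [int](Get-Item -LiteralPath $compatKey).GetValue('Compatibility Flags', 0)
        }
        $killed = ($flags -band $KillBit) -ne 0

        if ($Apply -and -not $killed) {
            # Create the key only if missing so existing values are preserved.
            if (-not (Test-Path -LiteralPath $compatKey)) { New-Item -Path $compatKey | Out-Null }
            Set-ItemProperty -LiteralPath $compatKey -Name 'Compatibility Flags' `
                -Value ($flags -bor $KillBit) -Type DWord
            $killed = $true
        }
        [pscustomobject]@{ CLSID = $clsid; Server = $server; KillBitSet = $killed }
    }
}
```

Run it from an elevated PowerShell session; any row with KillBitSet = False is a control that Internet Explorer will still load from an HTML page.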

Long-Term Security Practices

        Conduct regular security assessments and penetration testing.
        Educate users on safe browsing practices and the risks of executing unknown files.

Patching and Updates

        Apply patches provided by GE for GE Communicator to fix the vulnerability.
