Intrusion Prevention

Libmspack.cabd_sys_read_block.Off.By.One.Buffer.Overflow

Description

This indicates an attack attempt to exploit a Buffer Overflow vulnerability in Libmspack Project libmspack library.
The vulnerability is a result of an improper handling of block alignment when processing CAB files, leading to an off by one byte error. It may allow a remote attacker to execute arbitrary code within the context of the application.

Affected Products

Libmspack Project libmspack prior to 0.8 alpha
Products using the vulnerable library, including:
Libmspack Project cabextract prior to 1.8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch available from the vendor:
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2

CVE References

CVE-2018-18584