Prim'X Zed! FREE versions up to 1.0 build 186 and Zed! Limited Edition versions up to 6.1 build 2208 are affected by a directory traversal vulnerability that allows remote code execution.
Understanding CVE-2018-16518
This CVE describes a security flaw in Prim'X Zed! software that can lead to arbitrary file creation on a user's workstation.
What is CVE-2018-16518?
The vulnerability in Prim'X Zed! allows remote code execution: an attacker supplies a specially crafted ZED! container that exploits the watermark loading function.
The Impact of CVE-2018-16518
The vulnerability lets an attacker create arbitrary files on the user's workstation, for example by placing an executable file into the user's Startup folder. Files in the Startup folder run when the user next logs on, which is how file creation becomes code execution.
Technical Details of CVE-2018-16518
Prim'X Zed! software is susceptible to remote code execution due to a directory traversal vulnerability.
Vulnerability Description
The flaw allows attackers to create arbitrary files on a user's workstation by manipulating ZED! containers and the watermark loading function.
Affected Systems and Versions
Exploitation Mechanism
Attackers can exploit this vulnerability by using a specially crafted ZED! container to place an executable file into a user's Startup folder.
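The following is an added example, not code from Prim'X or from the original page. It shows the containment check an extractor needs before writing a file whose name comes from an untrusted container. The page does not describe the ZED! format or where the watermark is written, so the extraction directory, function names and sample names are all hypothetical and constructed.

```python
import ntpath  # Windows path rules, usable on any OS

# Hypothetical extraction directory (the page does not say where Zed! writes).
BASE_DIR = r"C:\Users\alice\AppData\Local\Temp\zed_extract"

def naive_target(base, embedded_name):
    """Vulnerable pattern: trust the embedded name and just join it."""
    return ntpath.normpath(ntpath.join(base, embedded_name))

def safe_target(base, embedded_name):
    """Return the destination inside base, or raise ValueError."""
    name = embedded_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # Drive letters, UNC shares, rooted paths and NTFS stream syntax
    # have no place in a name read from a container.
    if drive or rest.startswith("\\") or ":" in rest:
        raise ValueError(f"rejected name: {embedded_name!r}")
    root = ntpath.normcase(ntpath.normpath(base))
    target = ntpath.normpath(ntpath.join(base, name))
    # Compare after collapsing ".." and folding case; the trailing
    # separator stops "zed_extract_other" from matching "zed_extract".
    if not ntpath.normcase(target).startswith(root + "\\"):
        raise ValueError(f"escapes extraction directory: {embedded_name!r}")
    return target

def is_allowed(base, embedded_name):
    """True if safe_target accepts the name, False if it rejects it."""
    try:
        safe_target(base, embedded_name)
        return True
    except ValueError:
        return False

# Constructed sample names, as an extractor might read them from a container.
SAMPLES = [
    "logo.png",
    "img/../logo.png",
    r"..\..\..\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dropped.exe",
    r"..\zed_extract_other\x.exe",
    r"C:\Windows\x.dll",
    r"\\server\share\x.exe",
    "logo.png:stream",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:85} allowed={is_allowed(BASE_DIR, s)}")
        print(f"    naive join -> {naive_target(BASE_DIR, s)!r}")
```

With the naive join, the third sample resolves to the user's Startup folder; the checked version accepts only the first two names.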
Mitigation and Prevention
It is crucial to take immediate steps to mitigate the risks posed by CVE-2018-16518.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates