CVE-2020-13579
published 2021-02-04

Priority: P357, high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 72.56% (99.4th percentile)

An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to perform arithmetic that may overflow, which can result in an undersized heap allocation. Later, when copying data from the file into this allocation, a heap-based buffer overflow will occur, which can corrupt memory. These types of memory corruption can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability.

Affected

1 range
Vendor | Product | Version range | Fixed in
softmaker | planmaker_2021 | |

Detection & IOCs (extracted from sources)

Snort rules: 56209, 55210, 56212, 56213, 56226, 56227, 56228, 56229
  • CVE-2020-13579 is triggered by document records 0x8011 and 0x820a in PlanMaker's native format; monitor for parsing of these specific record types in PlanMaker documents.
  • The vulnerability results in a heap-based buffer overflow during document parsing; heap corruption telemetry or crash dumps from PlanMaker.exe opening untrusted documents should be investigated.
  • Delivery vector is a specially crafted PlanMaker document; alert on PlanMaker opening documents from untrusted/external sources (email attachments, downloads).
  • Snort rule numbers listed include rules covering multiple CVEs in the same advisory (CVE-2020-13579 through CVE-2020-13586); not all rules map exclusively to CVE-2020-13579.
  • Confirmed affected version is SoftMaker Office PlanMaker 2021 Revision 1014 only; other revisions were not tested.

CVSS provenance

nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P