How severe is CVE-2023-35711?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2023-35711?

This is classified as CWE-822, which is a common weakness in software security.

CVE-2023-35711 - HIGH Severity | CVSS 7

Vulnerability Description

Ashlar-Vellum Cobalt XE File Parsing Untrusted Pointer Dereference Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-20189.

Related Vulnerabilities

CVE-2024-26213

HIGH

CVSS:7.0(High)

Microsoft Brokering File System Elevation of Privilege Vulnerability

CWE-8222024

CVE-2024-30090

HIGH

CVSS:7.0(High)

Microsoft Streaming Service Elevation of Privilege Vulnerability

CWE-8222024

CVE-2024-43553

HIGH

CVSS:7.0(High)

NT OS Kernel Elevation of Privilege Vulnerability

CWE-8222024

CVE-2022-22514

HIGH

CVSS:7.1(High)

An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the at...

CWE-8222022

CVE-2024-26252

MEDIUM

CVSS:6.8(Medium)

Windows rndismp6.sys Remote Code Execution Vulnerability

CWE-8222024

CVE-2022-34890

HIGH

CVSS:7.3(High)

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-priv...

CWE-8222022