CVE-2019-25358

Summary

FileOptimizer 14.00.2524 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the FileOptimizer32.ini configuration file. Attackers can overwrite the TempDirectory parameter with a 5000-character buffer to cause the application to crash when opening options.

Affected Software

VendorProductVersion RangeStatus
nikkhokkhoFileOptimizer14.00.2524affected

Weaknesses

  • CWE-1282: Assumed-Immutable Data is Stored in Writable Memory

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References