Summary
Lexmark MarkVision Enterprise is prone to a remote code-execution vulnerability because it fails to sufficiently sanitize user-supplied input.
Impact
Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of affected application. Failed attacks may cause a denial-of-service condition.
Solution
The vulnerability has been fixed in MarkVision Enterprise v2.1 and all future releases.
Affected
Versions prior to Lexmark MarkVision Enterprise 2.1 are vulnerable.
Detection
Try to upload a file with a special crafted HTTP POST request.
References
Severity
Classification
-
CVE CVE-2014-8741 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities