January 13, 2021
Severity
Medium
Analysis Summary
CVE-2021-22697, CVE-2021-22698
When a malicious SSD file is uploaded and improperly parsed, an attacker could cause a use-after-free condition or stack-based buffer overflow resulting in remote code execution.
Impact
Remote code execution
Affected Vendors
Schneider Electric
Affected Products
EcoStruxure Power Build – Rapsody software Versions 2.1.13 and prior
Remediation
Schneider Electric recommends that affected users immediately apply the following mitigations to reduce the risk of exploitation:
- Apply the principle of least privilege to limit access to the computer running the Rapsody software.
- Install application whitelisting software on the computer to block the execution of malicious code.
- Install antivirus on the computer and keep it up to date.