Severity

Medium

Analysis Summary

CVE-2020-27288

An untrusted pointer dereference has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

CVE-2020-27284

The affected product is vulnerable to two out-of-bounds write instances in the way it processes project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.

Impact

• Privilege execution
• Arbitrary code execution

Affected Vendors

Delta Electronics

Affected Products

TPEditor v1.98 and prior

Remediation

Delta recommends updating to v1.98.03 or later.