From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Name: Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
2. Vulnerability ID: ZDI-24-1612, ZDI-CAN-23826
3. CVE ID: CVE-2024-11581
4. CVSS Score: 7.8, AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5. Affected Vendor: Luxion
6. Affected Product: KeyShot
7. Vulnerability Details:
   - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Luxion KeyShot installations.
   - User interaction is required, such as visiting a malicious webpage or opening a malicious file.
   - The issue arises from insufficient validation of user-supplied data during JT file parsing, which can result in a read before the start of an allocated buffer.
   - Attackers can leverage this vulnerability to execute code within the context of the current process.
8. Additional Details:
   - Luxion has released an update to fix this vulnerability.
   - More details can be found at the following link: https://download.keyshot.com/cert/ksa-655925/ksa-655925.pdf?version=1.0&_gl=11vzfrlf_gcl_auMTIxNTA2Njg4MS4xNzMxNTMwMjix
9. Disclosure Timeline:
   - 2024-04-26 - Vulnerability reported to vendor
   - 2024-11-21 - Coordinated public disclosure of vulnerability advisory
   - 2024-11-21 - Vulnerability advisory updated
10. Credit: Anonymous