From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Name: Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 2. Vulnerability IDs: - ZDI-24-1610 - ZDI-CAN-23697 3. CVE ID: CVE-2024-11579 4. CVSS Score: 7.8 5. Affected Vendor: Luxion 6. Affected Product: KeyShot 7. Vulnerability Details: - Remote attackers can exploit this vulnerability to execute arbitrary code on affected Luxion KeyShot installations. - User interaction is required, such as accessing a malicious webpage or opening a malicious file. - The issue lies in the parsing of OBJ files, where insufficient validation of user-supplied data leads to writing beyond the allocated buffer. - Attackers can leverage this vulnerability to execute code within the context of the current process. 8. Additional Details: - Luxion has released an update to fix this vulnerability. - More details can be found at the following link: https://download.keyshot.com/cert/ksa-655925/ksa-655925.pdf?version=1.0&_gl=11vzfrlf_gcl_auMTIxNTA2Njg4MS4xNzMxNTMwMjix 9. Disclosure Timeline: - 2024-04-26 - Vulnerability reported to vendor - 2024-11-21 - Coordinated public disclosure of vulnerability advisory - 2024-11-21 - Vulnerability advisory updated 10. Credit: Anonymous