CVE-2018-16518

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on affected Prim'X Zed! installations through directory traversal in watermark loading. By crafting malicious ZED! containers, attackers can place executable files in the Startup folder, leading to automatic execution when users log in. All users of vulnerable versions are affected.

💻 Affected Systems

Products:
  • Prim'X Zed! FREE
  • Prim'X Zed! Limited Edition
Versions: Zed! FREE through 1.0 build 186, Zed! Limited Edition through 6.1 build 2208
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the watermark loading function used when processing ZED! containers; a file name supplied by the container is used to build a path without confining it to the intended directory.
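
The flaw described above is a path containment failure: a file name taken from the container is joined to a directory and the result is allowed to escape it (here, as far as the Startup folder). The function below is an added example and not Prim'X code; the function name and the base directory are hypothetical. It shows the containment check a loader of this kind should apply before writing any file taken from a container: absolute, UNC and drive-relative names and any `..` component are rejected rather than normalised away, and the joined result is re-checked against the base directory.

```python
from pathlib import PureWindowsPath
from typing import Optional

# Added example, not Prim'X code. resolve_within() and the base directory
# used in the usage below are hypothetical.


def resolve_within(base_dir: str, name: str) -> Optional[str]:
    """Return the full path for `name` inside `base_dir`, or None if the
    name would escape the directory.  Windows path rules are applied
    regardless of the host OS, so the check behaves the same everywhere."""
    base = PureWindowsPath(base_dir)
    candidate = PureWindowsPath(name)

    # Absolute paths (C:\..., \..., \\server\share\...) and drive-relative
    # names (C:foo) are never acceptable for a file name read from a container.
    if candidate.drive or candidate.root:
        return None

    parts = []
    for part in candidate.parts:
        if part == ".":
            continue
        # Any '..' component is rejected outright: a watermark name has no
        # legitimate reason to climb out of the extraction directory.
        if part == "..":
            return None
        parts.append(part)
    if not parts:
        return None

    target = base.joinpath(*parts)
    # Second line of defence: the joined path must still sit under base.
    try:
        target.relative_to(base)
    except ValueError:
        return None
    return str(target)


if __name__ == "__main__":
    base = r"C:\zed\extract"  # hypothetical extraction directory
    for name in ("logo.png", r"images\logo.png", r"..\..\evil.exe", r"C:\Windows\evil.exe"):
        print(repr(name), "->", resolve_within(base, name))
```

A loader that applies this check writes only inside its own extraction directory, so a crafted container can no longer place files in a Startup folder; forward slashes, `..` in the middle of a name and UNC prefixes are all covered because PureWindowsPath parses them the way Windows does.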

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with persistent malware installation, data theft, and lateral movement capabilities.

🟠 Likely Case: Malware persistence through Startup folder placement leading to credential theft, ransomware deployment, or backdoor installation.

🟢 If Mitigated: Limited impact with proper application whitelisting, restricted user privileges, and network segmentation.

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious containers but can be delivered via email or web downloads.
🏢 Internal Only: HIGH - Internal users opening shared malicious containers can lead to widespread compromise.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction to open malicious ZED! container but is technically simple once delivered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Zed! FREE 1.0 build 187+, Zed! Limited Edition 6.1 build 2209+

Vendor Advisory: https://www.primx.eu/en/news/security-update-zed-software/

Restart Required: No

Instructions:

1. Download the latest version from the Prim'X website.
2. Uninstall the current version.
3. Install the updated version.
4. Verify that the installed version/build is above the vulnerable builds.

🔧 Temporary Workarounds

Disable automatic startup execution (Windows)

Remove write permissions from the Startup folders to prevent file placement:

    icacls "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup" /deny Everyone:(OI)(CI)W
    icacls "%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp" /deny Everyone:(OI)(CI)W

Note that a Deny entry for Everyone takes precedence over any Allow entry, so these commands also stop administrators and software installers from adding Startup shortcuts; remove the entries after patching with the same paths and `/remove:d Everyone`.

Application control policy (Windows)

Implement application whitelisting so that unauthorized executables cannot run.

🧯 If You Can't Patch

  • Restrict user privileges to prevent writing to Startup folders
  • Block ZED! container files at network perimeter and email gateways

🔍 How to Verify

Check if Vulnerable:

Open Help > About in the Zed! application and compare the version/build numbers against the affected ranges.

Check Version:

Check via the Help > About menu in the application GUI.

Verify Fix Applied:

Confirm version is Zed! FREE 1.0 build 187+ or Zed! Limited Edition 6.1 build 2209+

📡 Detection & Monitoring

Log Indicators:

  • File creation events in Startup folders from Zed! process
  • Zed! process writing executable files to unusual locations

Network Indicators:

  • Downloads of ZED! container files from untrusted sources
  • Unusual outbound connections after Zed! execution

SIEM Query:

process_name:"zed.exe" AND file_path:"*Startup*" AND file_extension:".exe"
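
The SIEM query above expressed as Python detection logic and run over constructed sample file-creation events. This is an added example, not part of the original page: the key=value event format and the field names (`event`, `process_name`, `path`) are assumptions standing in for whatever your EDR or Sysmon pipeline produces. It goes beyond the page's query in two ways: it also watches the all-users StartUp folder under %ProgramData%, and it matches every file type Explorer will run from a Startup folder rather than `.exe` alone.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample events (key=value, not real telemetry) used to
# exercise the detection logic below.
SAMPLE_EVENTS = [
    r'ts=2024-01-01T10:00:01Z event=FileCreate process_name=zed.exe path="C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe"',
    r'ts=2024-01-01T10:00:02Z event=FileCreate process_name=zed.exe path="C:\Users\alice\AppData\Local\Temp\watermark.png"',
    r'ts=2024-01-01T10:00:03Z event=FileCreate process_name=explorer.exe path="C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\notes.lnk"',
    r'ts=2024-01-01T10:00:04Z event=FileCreate process_name=ZED.EXE path="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\run.bat"',
    r'ts=2024-01-01T10:00:05Z event=FileCreate process_name=zed.exe path="C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\watermark.png"',
]

# The per-user (%APPDATA%) and all-users (%ProgramData%) Startup folders
# share this path tail; comparison is done on lower-cased paths.
STARTUP_TAIL = "\\microsoft\\windows\\start menu\\programs\\startup\\"

# Wider than the page's ".exe"-only query: anything Explorer runs at logon.
EXEC_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js",
                   ".wsf", ".hta", ".ps1", ".lnk"}

# key=value pairs; a quoted value may contain spaces ("Start Menu").
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value event line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def is_startup_drop(fields, process="zed.exe"):
    """True when `process` created an executable file in a Startup folder."""
    if fields.get("event") != "FileCreate":
        return False
    if fields.get("process_name", "").lower() != process.lower():
        return False
    path = fields.get("path", "")
    if STARTUP_TAIL not in path.lower():
        return False
    return PureWindowsPath(path).suffix.lower() in EXEC_EXTENSIONS


def find_startup_drops(lines, process="zed.exe"):
    """Return the path of every matching event, in input order."""
    return [f["path"] for f in map(parse_event, lines) if is_startup_drop(f, process)]


if __name__ == "__main__":
    for hit in find_startup_drops(SAMPLE_EVENTS):
        print("ALERT: Zed! wrote a startup executable:", hit)
```

On the sample data only the first and fourth events fire: the Temp write is outside a Startup folder, the `.lnk` comes from explorer.exe rather than zed.exe, and the `.png` in Startup is not a file type that runs at logon. Process-name matching is case-insensitive because logging agents differ in how they record it.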
