CVE-2020-16243

7.8 HIGH

📋 TL;DR

This CVE describes multiple buffer overflow vulnerabilities in LeviStudioU software that allow remote code execution. Attackers can exploit these vulnerabilities by tricking users into opening specially crafted project files, potentially gaining the same privileges as the application. Users of LeviStudioU version 2019-09-21 and prior are affected.

💻 Affected Systems

Products:
  • LeviStudioU
Versions: 2019-09-21 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to open malicious project files. Typically affects industrial control system engineering workstations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the LeviStudioU application, potentially leading to lateral movement, data theft, or ransomware deployment.

🟠 Likely Case

Local privilege escalation or remote code execution on systems where LeviStudioU runs with elevated privileges, allowing attackers to install malware or steal sensitive engineering data.

🟢 If Mitigated

Limited impact if application runs with minimal privileges and proper file validation is in place, potentially resulting only in application crash.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to get users to open malicious project files. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2019-09-21

Vendor Advisory: https://us-cert.cisa.gov/ics/advisories/icsa-20-238-03

Restart Required: Yes

Instructions:

1. Download and install the latest version of LeviStudioU from the official vendor website.
2. Replace all older versions with the patched version.
3. Restart the system to ensure all components are updated.

🔧 Temporary Workarounds

Restrict project file handling (Windows)

Configure system to open LeviStudioU project files only with the patched version or block suspicious project files.

Use Windows Group Policy to restrict file associations for .lsp files to only the patched LeviStudioU version

User privilege reduction (Windows)

Run LeviStudioU with minimal necessary privileges to limit potential damage from exploitation.

Runas /user:standarduser "C:\Program Files\LeviStudioU\LeviStudioU.exe"

🧯 If You Can't Patch

  • Implement strict access controls to limit who can open project files and from which sources
  • Deploy application whitelisting to prevent execution of unauthorized code even if exploitation occurs

🔍 How to Verify

Check if Vulnerable:

Check LeviStudioU version in Help > About menu. If version is 2019-09-21 or earlier, the system is vulnerable.

Check Version:

Check application version through Help > About menu in LeviStudioU GUI

Verify Fix Applied:

Verify LeviStudioU version is later than 2019-09-21 and test opening known good project files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Multiple application crashes of LeviStudioU
  • Unusual process creation from LeviStudioU executable
  • Access to suspicious project files from untrusted sources

Network Indicators:

  • Downloads of project files from unknown external sources
  • Unusual outbound connections from LeviStudioU process

SIEM Query:

Process Creation where (Image contains 'LeviStudioU' and CommandLine contains unusual parameters) OR (ParentImage contains 'LeviStudioU' and Image not in approved list)
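
The two conditions of the SIEM query above, worked through as an added Python example (not part of the original advisory or any vendor tooling). Field names follow Sysmon Event ID 1; the approved-child list, the untrusted path fragments and the sample events are constructed assumptions to adapt per site.

```python
import ntpath

TARGET = "levistudiou.exe"  # executable name as it appears on this page
# Assumption: children this site allows the engineering tool to start.
APPROVED_CHILDREN = {"levistudiou.exe", "splwow64.exe"}
# Assumption: path fragments treated as untrusted sources for project files.
UNTRUSTED_MARKERS = ("\\downloads\\", "\\appdata\\local\\temp\\", "\\content.outlook\\")

def base(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def classify(event):
    """Return the names of the rules one process-creation event triggers."""
    hits = []
    image, parent = base(event.get("Image")), base(event.get("ParentImage"))
    cmd = (event.get("CommandLine") or "").lower()
    # Rule 1: LeviStudioU started a process outside the approved list.
    if parent == TARGET and image not in APPROVED_CHILDREN:
        hits.append("unapproved_child")
    # Rule 2: LeviStudioU was started with an argument from a drop folder or UNC path.
    if image == TARGET:
        args = cmd.split(TARGET, 1)[-1]
        if any(m in args for m in UNTRUSTED_MARKERS) or "\\\\" in args:
            hits.append("untrusted_project_path")
    return hits

def scan(events):
    """Return (index, hits) for every event that triggers at least one rule."""
    return [(i, h) for i, e in enumerate(events) if (h := classify(e))]

EXE = r"C:\Program Files\LeviStudioU\LeviStudioU.exe"
# Constructed sample events in Sysmon Event ID 1 field naming.
SAMPLE_EVENTS = [
    {"Image": EXE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{EXE}" "D:\\Projects\\plant_a.lsp"'},
    {"Image": EXE, "ParentImage": r"C:\Program Files\Microsoft Office\OUTLOOK.EXE",
     "CommandLine": f'"{EXE}" "C:\\Users\\eng\\Downloads\\line3.lsp"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": EXE,
     "CommandLine": "cmd.exe /c dir"},
    {"Image": r"C:\Windows\splwow64.exe", "ParentImage": EXE,
     "CommandLine": r"C:\Windows\splwow64.exe 8192"},
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["Image"], hits)
```

Matching on the exact executable file name rather than a substring keeps unrelated processes whose paths merely contain "LeviStudioU" out of the results.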
