CVE-2023-34303

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Ashlar-Vellum Cobalt installations by tricking users into opening malicious VC6 files. The flaw is improper validation of VC6 file data, which leads to out-of-bounds reads that can be leveraged for code execution. Users of Ashlar-Vellum Cobalt who open untrusted VC6 files are affected.

💻 Affected Systems

Products:
  • Ashlar-Vellum Cobalt
Versions: Specific versions not detailed in provided references, but likely multiple versions prior to patched release
Operating Systems: Windows (presumed based on typical CAD software deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires user interaction (opening a malicious VC6 file or visiting a malicious page). All default installations that process VC6 files are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system in the context of the current user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Attacker executes malicious code with the privileges of the user who opened the malicious file, potentially installing malware, stealing credentials, or accessing sensitive data.

🟢 If Mitigated

Limited impact due to proper file validation, user awareness training, and restricted user privileges preventing full system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction but leverages common memory corruption techniques. ZDI advisory suggests weaponization is likely given the RCE nature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: Not provided in references

Restart Required: Yes

Instructions:

1. Contact Ashlar-Vellum for security updates.
2. Apply the latest patch for Cobalt.
3. Restart the application and any related services.

🔧 Temporary Workarounds

Block VC6 file extensions (all platforms)

Prevent processing of potentially malicious VC6 files at the system or network level

User awareness training (all platforms)

Train users to avoid opening VC6 files from untrusted sources

🧯 If You Can't Patch

  • Restrict user privileges to minimize impact of successful exploitation
  • Implement application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check if Ashlar-Vellum Cobalt is installed and processes VC6 files. Review version against vendor patched releases.

Check Version:

Check application 'About' dialog or installation directory for version information

Verify Fix Applied:

Confirm installation of latest vendor-provided patch and test with safe VC6 files to ensure proper parsing.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing VC6 files
  • Unexpected memory access errors in application logs
  • Unusual process creation from Cobalt executable

Network Indicators:

  • Downloads of VC6 files from untrusted sources
  • Unexpected outbound connections after file opening

SIEM Query:

(Process creation where parent process is 'cobalt.exe' AND command line contains unusual parameters) OR (file access events for *.vc6 files followed by crash events)
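
The two conditions in the query above, written as correlation logic over endpoint events. This is an added example, not a vendor or SIEM-product rule: the event field names, the 60-second crash window and the sample events are assumptions constructed for illustration, and it flags any child process of 'cobalt.exe' because "unusual parameters" depends on a local baseline.

```python
from datetime import datetime, timedelta

TARGET = "cobalt.exe"                 # process name as given in the SIEM query above
CRASH_WINDOW = timedelta(seconds=60)  # assumed correlation window, tune locally

# Constructed sample events; field names are hypothetical, not a real EDR schema.
EVENTS = [
    {"ts": "2023-07-01T09:00:00", "host": "ws1", "type": "file_access", "image": "cobalt.exe", "path": r"C:\dl\bracket.vc6"},
    {"ts": "2023-07-01T09:00:04", "host": "ws1", "type": "crash", "image": "cobalt.exe"},
    {"ts": "2023-07-01T09:05:00", "host": "ws2", "type": "file_access", "image": "cobalt.exe", "path": r"C:\cad\gear.VC6"},
    {"ts": "2023-07-01T09:05:02", "host": "ws2", "type": "process_create", "parent": "Cobalt.exe", "image": "cmd.exe"},
    {"ts": "2023-07-01T09:30:00", "host": "ws3", "type": "file_access", "image": "cobalt.exe", "path": r"C:\cad\ok.vc6"},
    {"ts": "2023-07-01T10:30:00", "host": "ws3", "type": "crash", "image": "cobalt.exe"},  # outside window
    {"ts": "2023-07-01T11:00:00", "host": "ws4", "type": "process_create", "parent": "explorer.exe", "image": "cobalt.exe"},
]


def detect(events):
    """Return (host, rule, detail) alerts for the two conditions in the query."""
    alerts = []
    last_vc6 = {}  # host -> (time, path) of the most recent .vc6 access by Cobalt
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        host, kind = ev["host"], ev["type"]
        image = ev.get("image", "").lower()
        if kind == "process_create" and ev.get("parent", "").lower() == TARGET:
            # Condition 1: Cobalt spawning a child process.
            alerts.append((host, "child_process", image))
        elif kind == "file_access" and image == TARGET and ev["path"].lower().endswith(".vc6"):
            last_vc6[host] = (ts, ev["path"])
        elif kind == "crash" and image == TARGET and host in last_vc6:
            # Condition 2: crash shortly after a .vc6 file was opened on the same host.
            opened, path = last_vc6.pop(host)
            if ts - opened <= CRASH_WINDOW:
                alerts.append((host, "crash_after_vc6", path))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```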
