
CVE-2019-11687

Published: 02/05/2019 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. A Part 10 file begins with a 128-byte preamble followed by the four-byte magic "DICM"; the standard leaves the contents of the preamble unspecified so that dual-purpose files can be created (for example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging for applications in medicine). The preamble of a file that complies with this specification can therefore contain the header of an executable file, such as Portable Executable (PE) malware. To exploit this vulnerability, someone must execute a maliciously crafted file that is encoded in the DICOM Part 10 File Format; PE/DICOM files are executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery, and anti-malware tools and business processes could violate regulatory frameworks (such as HIPAA) when processing suspicious DICOM files.
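The following is an added example, not code from the advisory or from either repository listed below, showing how a scanner can triage the preamble described above without parsing the image itself. It reads the 128-byte preamble, confirms the "DICM" magic at offset 128, and sorts files into safe (all-zero preamble), unknown (a dual-purpose TIFF/DICOM, or an unrecognised non-zero preamble) and high-risk (an executable header; for "MZ" it additionally follows e_lfanew to see whether a real PE signature sits inside the DICOM body, which is what makes the polyglot loadable). The sample files, the verdict names and the helper names (classify_dicom, make_benign_dicom, make_pe_dicom, make_tiff_dicom) are constructed for this example; the PE/DICOM sample carries only the headers a detector cares about and is not a loadable binary.

```python
import struct

PREAMBLE_LEN = 128
DICOM_MAGIC = b"DICM"

# Executable signatures that should never open a medical image's preamble.
EXEC_MAGICS = {
    b"MZ": "PE/DOS",
    b"\x7fELF": "ELF",
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
}

# Dual-purpose image containers the standard explicitly tolerates (TIFF/DICOM
# whole-slide files); present but not executable, so "unknown" rather than "safe".
BENIGN_DUAL_MAGICS = {
    b"II*\x00": "TIFF (little-endian)",
    b"MM\x00*": "TIFF (big-endian)",
}


def classify_dicom(data: bytes) -> dict:
    """Triage a DICOM Part 10 file by its 128-byte preamble.

    Returns {"is_dicom": bool, "verdict": str, "detail": str} where verdict is
    one of "not-dicom", "safe", "unknown", "high-risk".
    """
    if len(data) < PREAMBLE_LEN + 4 or data[PREAMBLE_LEN:PREAMBLE_LEN + 4] != DICOM_MAGIC:
        return {"is_dicom": False, "verdict": "not-dicom",
                "detail": "no DICM magic at offset 128"}

    preamble = data[:PREAMBLE_LEN]
    if preamble == b"\x00" * PREAMBLE_LEN:
        return {"is_dicom": True, "verdict": "safe", "detail": "all-zero preamble"}

    for magic, name in BENIGN_DUAL_MAGICS.items():
        if preamble.startswith(magic):
            return {"is_dicom": True, "verdict": "unknown",
                    "detail": f"dual-purpose {name} preamble"}

    for magic, name in EXEC_MAGICS.items():
        if preamble.startswith(magic):
            detail = f"{name} header in preamble"
            if magic == b"MZ":
                # e_lfanew (offset 0x3C) must point past the preamble into the
                # DICOM body for the file to be a working PE/DICOM polyglot.
                e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
                if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                    detail += f"; PE signature at 0x{e_lfanew:x} (working PE/DICOM polyglot)"
                else:
                    detail += "; e_lfanew does not reach a PE signature (DOS stub only)"
            return {"is_dicom": True, "verdict": "high-risk", "detail": detail}

    return {"is_dicom": True, "verdict": "unknown",
            "detail": "non-zero preamble with no recognised signature"}


# --- constructed sample files (not real medical images) ---------------------

def _dicom_body() -> bytes:
    """'DICM' magic plus one file-meta element: (0002,0010) Transfer Syntax UID,
    explicit VR little endian, value '1.2.840.10008.1.2.1' padded to even length."""
    uid = b"1.2.840.10008.1.2.1\x00"
    element = struct.pack("<HH", 0x0002, 0x0010) + b"UI" + struct.pack("<H", len(uid)) + uid
    return DICOM_MAGIC + element


def make_benign_dicom() -> bytes:
    return b"\x00" * PREAMBLE_LEN + _dicom_body()


def make_tiff_dicom() -> bytes:
    # TIFF header: 'II*\0' then offset of first IFD; rest of preamble is padding.
    tiff = b"II*\x00" + struct.pack("<I", 8)
    return tiff.ljust(PREAMBLE_LEN, b"\x00") + _dicom_body()


def make_pe_dicom() -> bytes:
    # 'MZ' in the preamble, e_lfanew pointing just past the DICOM meta header,
    # and a 'PE\0\0' signature with a minimal COFF header placed there.
    body = _dicom_body()
    pe_offset = PREAMBLE_LEN + len(body)
    preamble = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_offset)
    preamble = preamble.ljust(PREAMBLE_LEN, b"\x00")
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, 0)  # machine, sections, ...
    return preamble + body + b"PE\x00\x00" + coff


if __name__ == "__main__":
    for name, sample in [("benign", make_benign_dicom()),
                         ("tiff-dicom", make_tiff_dicom()),
                         ("pe-dicom", make_pe_dicom())]:
        print(name, classify_dicom(sample))
```

Treat the verdict as a gate, not a conviction: a TIFF/DICOM preamble is legitimate in whole-slide workflows, and a non-zero preamble with no known signature still deserves a second look, which is why neither is reported as safe.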

Affected Product

nema dicom standard

Github Repositories

Exploitation framework for CVE-2019-11687

Bad-DICOM: PoC of my handcrafted CVE-2019-11687 exploit tool. I've crafted this PEDICOM as a Proof of Concept for my college's capstone.

What is a PEDICOM: DoomDicom.dcm is a PEDICOM, a polyglot file that can act as a functional PE and, at the same time, as a legitimate DICOM. For more information about these files please read d00rt's original paper.

How to use

YARA rules for detecting DICOM malware

DICOM-YARA-rules: YARA rules for detecting DICOM malware. DICOM-CVE-2019-11687.yar is a set of YARA rules for DICOM Part 10 files. It looks for the attacks described in CVE-2019-11687 and reports files that appear to be safe, those with unknown risk, and those with a high risk of malware contents.