This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
http://www.zerodayinitiative.com/advisories/ZDI-24-234/
http://www.zerodayinitiative.com/advisories/ZDI-24-235/
http://www.zerodayinitiative.com/advisories/ZDI-24-236/
http://www.zerodayinitiative.com/advisories/ZDI-24-237/
http://www.zerodayinitiative.com/advisories/ZDI-24-238/
http://www.zerodayinitiative.com/advisories/ZDI-24-239/
http://www.zerodayinitiative.com/advisories/ZDI-24-240/
http://www.zerodayinitiative.com/advisories/ZDI-24-241/
http://www.zerodayinitiative.com/advisories/ZDI-24-242/
http://www.zerodayinitiative.com/advisories/ZDI-24-243/
http://www.zerodayinitiative.com/advisories/ZDI-24-244/
http://www.zerodayinitiative.com/advisories/ZDI-24-245/
http://www.zerodayinitiative.com/advisories/ZDI-24-246/
http://www.zerodayinitiative.com/advisories/ZDI-24-247/