Name of the Vulnerable Software and Affected Versions 1С:Предприятие (affected versions not specified)

Description The issue concerns a vulnerability in the Fast Infoset decoder of the xml2.dll library, which is used for working with XML documents. An attacker can manipulate input data to put the Fast Infoset decoder into an EII INDEX MEDIUM state and pass an incorrect value for calculating an array element index in the decodeEIIIndexMedium procedure. This results in the decodeEIIIndexMedium function returning an invalid address, leading to an access violation when accessed in the processEII procedure, causing the process to terminate abnormally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.