CVE-2016-4047

Name of the Vulnerable Software and Affected Versions Open-Xchange OX App Suite versions prior to 7.8.1-rev8

Description An issue was discovered where references to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. When parsing certain parts of the generated document, those resources are requested, allowing an attacker to track access to a manipulated document. This could expose information about internal infrastructure.

Recommendations For versions prior to 7.8.1-rev8, update to version 7.8.1-rev8 or later to resolve the issue. As a temporary workaround, consider restricting the use of external .dtd resources in .docx and .xslx files to minimize the risk of exploitation.