CVE-2017-2783

Name of the Vulnerable Software and Affected Versions MarkLogic versions 8.0 through 8.0-6 Antenna House DMC HTMLFilter (affected versions not specified)

Description A heap corruption issue exists in the FillRowFormat functionality of Antenna House DMC HTMLFilter, which can be exploited by providing a specially crafted xls file, leading to arbitrary code execution. An attacker can trigger this issue by sending or providing a malicious xls file.

Recommendations For MarkLogic versions 8.0 through 8.0-6, consider restricting the processing of xls files until a patch is available. As a temporary workaround, avoid using the FillRowFormat functionality in Antenna House DMC HTMLFilter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.