CVE-2017-2793

Name of the Vulnerable Software and Affected Versions MarkLogic versions 8.0-6

Description A heap corruption issue exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic. This can be triggered by a specially crafted xls file, leading to arbitrary code execution. An attacker can exploit this by sending or providing a malicious XLS file.

Recommendations For MarkLogic versions 8.0-6, consider restricting the processing of XLS files until a fix is available. As a temporary workaround, avoid using the UnCompressUnicode functionality in Antenna House DMC HTMLFilter to minimize the risk of exploitation.