Craig Haft

**Name of the Vulnerable Software and Affected Versions** poi-scratchpad versions 5.2.0 and prior versions **Description** A shortcoming in the HMEF package of poi-scratchpad allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files, which are associated with Microsoft Outlook and Microsoft Exchange Server. If an application uses poi-scratchpad to parse TNEF files and allows untrusted users to supply them, a carefully crafted file can cause an Out of Memory exception. **Recommendations** To resolve the issue, upgrade to poi-scratchpad version 5.2.1. As a temporary workaround, consider restricting the use of the HMEF package to minimize the risk of exploitation. Avoid allowing untrusted users to supply TNEF files to applications that use poi-scratchpad until the issue is resolved.