Name of the Vulnerable Software and Affected Versions 1С:Предприятие (affected versions not specified)

Description The issue concerns a vulnerability in the Fast Infoset decoder of the xml2.dll library, which is used for working with XML documents. An attacker can manipulate input data to put the Fast Infoset decoder into an EII INDEX LARG state and pass an incorrect value for calculating an array element index in the decodeEIIIndexLarge procedure. This results in the decodeEIIIndexLarge function returning an invalid address. When this address is accessed in the processEII procedure, it leads to an access violation, causing the process to terminate abnormally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.