PT-2017-15540 · Antenna House+1 · Antenna House Dmc Htmlfilter+1

Published: 2017-05-23 · Updated: 2022-04-19 · CVE-2017-2793

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: MarkLogic versions 8.0-6

Description: A heap corruption issue exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter, as used by MarkLogic. It can be triggered by a specially crafted XLS file, leading to arbitrary code execution. An attacker can exploit this by sending or providing a malicious XLS file.

Recommendations: For MarkLogic versions 8.0-6, consider restricting the processing of XLS files until a fix is available. As a temporary workaround, avoid using the UnCompressUnicode functionality in Antenna House DMC HTMLFilter to minimize the risk of exploitation.


Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2017-2793

Affected Products

Antenna House Dmc Htmlfilter
Marklogic