ID CVE-2017-2896
Summary An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:libxls_project:libxls:1.4
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-787
CAPEC
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DSA-4173.NASL
description Marcin Noga discovered multiple vulnerabilities in readxl, a GNU R package to read Excel files (via the integrated libxls library), which could result in the execution of arbitrary code if a malformed spreadsheet is processed.
last seen 2019-02-21
modified 2018-11-13
plugin id 109065
published 2018-04-17
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=109065
title Debian DSA-4173-1 : r-cran-readxl - security update
refmap via4
debian DSA-4173
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
talos via4
id TALOS-2017-0403
last seen 2018-08-31
published 2017-11-15
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
title libxls xls_mergedCells Code Execution Vulnerability
Last major update 20-11-2017 - 17:29
Published 20-11-2017 - 17:29
Last modified 17-04-2018 - 21:29