ID CVE-2018-3933
Summary An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method.
References
Vulnerable Configurations
  • cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:-:-:pro
    cpe:2.3:a:antennahouse:office_server_document_converter:6.1:mr2:-:-:pro
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
CVSS
Base: 6.8
Impact:
Exploitability:
CWE CWE-787
CAPEC
refmap via4
misc https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0600
talos via4
id TALOS-2018-0600
last seen 2018-09-08
published 2018-07-10
reporter Talos Intelligence
source http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0600
title Antenna House Office Server Document Converter vbputanld code execution vulnerability
Last major update 11-07-2018 - 12:29
Published 11-07-2018 - 12:29
Last modified 07-09-2018 - 11:39
Back to Top