CVE-2017-12108
Status: Analyzed
Last modified:
28-01-2023
Published:
24-04-2018
8.8
SUMMARY CVE-2017-12108
An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
Access CVSS3 CVE-2017-12108
Attack Complexity | Attack Vector | Privileges Required | Scope | User Interaction |
---|---|---|---|---|
LOW | NETWORK | NONE | UNCHANGED | REQUIRED |
Impact CVSS3 CVE-2017-12108
Confidentiality | Integrity | Availability |
---|---|---|
HIGH | HIGH | HIGH |
Details CVE-2017-12108
EPSS | 0.00893 |
---|---|
EPSS % | 0.82997 |
References | |
CWE | CWE-190 |
CAPEC |
|
Vulnerable Configurations |
|
CVSS3 Source | nvd@nist.gov |
CVSS3 Type | Primary |
CVSS3 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |