Oracle Outside In is a a suite of software development kits that allows developers with a comprehensive solution to access, transform, and control the contents of over 500 unstructured file formats.
Outside In versions 8.3.5 through 8.3.7 fail to properly validate fields in OpenOffice XML (OOXML) documents. If a user opens a malicious OOXML document in a piece of software that uses the vulnerable SDK, an attacker could take over execution of the target's system.
Because Outside In is an SDK, 3rd party applications distribute the libraries. Check with your application provider to make sure you are running the latest version of the affected software.
This exploit has been tested against Avantstar Quick View Plus 11.1.0 Standard Edition and ACD Systems Canvas 12 running on Windows XP SP3 English (DEP OptIn). The 'zip' utility must be installed on the system that is running the exploit.
Avantstar Quick View Plus 11.1.0 Standard
ACD Systems Canvas 12