4 matches found
The vulnerability of the FortiAnalyzer security event monitoring and analysis tool lies in the lack of a mechanism to neutralize elements in CSV files, allowing attackers to execute arbitrary code.
The vulnerability of the FortiAnalyzer event tracking and analysis tool lies in the absence of a mechanism to neutralize certain elements within the CSV file. Exploiting this vulnerability could allow an attacker to execute arbitrary code by inserting Excel formulas as names of macros within the...
CVE-2023-25611
An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names...
FortiAnalyzer - CSV injection in macro name
An improper neutralization of formula elements vulnerability (CWE-1236) in FortiAnalyzer may allow a local authenticated privileged attacker to execute arbitrary code on the end-user's host via inserting spreadsheet formulas in the macro names. This is achieved once the user downloads and opens the...
CVE-2003-0820
Microsoft Word 97, 98J, 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack...