
1602 matches found

RedHat Linux
added 2018/05/03 7:4 p.m., 3 views

poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...

7.5 CVSS, 7.2 AI score, 0.10248 EPSS
Exploits 3, References 4
Fedora
added 2018/04/27 4:19 a.m., 38 views

[SECURITY] Fedora 28 Update: apache-poi-3.17-1.fc28

The Apache POI Project's mission is to create and maintain Java APIs for manipulating various file formats based upon the Office Open XML standards (OOXML) and Microsoft's OLE 2 Compound Document format (OLE2). In short, you can read and write MS Excel files using Java. In addition, you can read and...

7.5 CVSS, 0.2 AI score, 0.10248 EPSS
Exploits 3
OpenVAS
added 2018/04/17 12:0 a.m., 10 views

Microsoft Office: Programmatic access for creating online presentations (PowerPoint, Word)

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013programmaticcreationonlinepresentation.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Restrict programmatic access for creating online presentations in PowerPoint and Word Authors: Emanuel Moss Copyright:...

7.3 AI score
Exploits 0
OpenVAS
added 2018/04/17 12:0 a.m., 11 views

Microsoft Office: Office Presentation Service

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013officepresentationservice.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Remove Office Presentation Service from the list of online presentation services in PowerPoint and Word Authors: Emanuel Moss...

7.3 AI score
Exploits 0
OpenVAS
added 2018/04/17 12:0 a.m., 17 views

Microsoft Office: Do not automatically hyperlink screenshots

This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013noautohyperlinkscreenshots.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Do not automatically hyperlink screenshots Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...

7.3 AI score
Exploits 0
Hacker One
added 2018/04/07 4:44 p.m., 206 views

Open-Xchange: Blind XXE via Powerpoint files

Summary: During the parsing of Powerpoint files it seems that it is possible to include an XXE payload which will be executed on the Open-XChange server. I was able to identify which files exist on the server, and cause the server to make arbitrary requests to my own server, and I am pretty sure it is al...

0.5 AI score
Exploits 0
CNVD
added 2018/03/15 12:0 a.m., 1 views

Polaris office 2017 has an illegal memory access vulnerability

Polaris Office 2017 is an office software developed by INFRAWARE Korea, which can be used to view and edit Word documents, Excel tables, Microsoft Office PowerPoint slides, and other commonly used office documents. Polaris Office 2017 suffers from an illegal memory access vulnerability when...

6.7 AI score
Exploits 0
CNVD
added 2018/03/01 12:0 a.m., 2 views

Denial of Service Vulnerability in WPS Office 2016 Presentation

WPS office is an office software suite independently developed by Kingsoft Corporation. A denial of service vulnerability exists in WPS presentation wpp.exe in WPS when parsing a specific ppt file, which can be exploited by an attacker to cause a denial of service attack...

6.8 AI score
Exploits 0
CNVD
added 2018/03/01 12:0 a.m., 0 views

Null pointer reference vulnerability in WPS Office 2016 presentation kso module (CNVD-2018-04915)

WPS office is an office software suite independently developed by Kingsoft Corporation. WPS presentation wpp.exe in WPS has a null pointer reference vulnerability in the kso module when parsing a specific ppt file, which can be exploited by an attacker to cause a denial of service attack or code...

7.5 AI score
Exploits 0
BDU FSTEC
added 2018/02/16 12:0 a.m., 5 views

The vulnerability of the PPTStyleSheet function in the PowerPoint file analyzer of the Apache OpenOffice office package allows a hacker to execute arbitrary code.

The vulnerability of the PPTStyleSheet function in the Apache OpenOffice office package’s PPT file analyzer is related to data writing beyond the buffer limit. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...

7.8 CVSS, 6.9 AI score, 0.02588 EPSS
Exploits 1, References 7, Affected Software 2
CNVD
added 2018/02/14 12:0 a.m., 1 views

SoftZone office demo prone to denial of service vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A denial-of-service vulnerability exists in RZoffice Presentations.exe when processing special ppt files. An attacker can exploit the...

6.8 AI score
Exploits 0
CNVD
added 2018/02/14 12:0 a.m., 1 views

SoftZone office demo prone to denial of service vulnerability (CNVD-2018-04283)

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A denial-of-service vulnerability exists in RZoffice Presentations.exe when processing special pptx files. An attacker can exploit the...

6.8 AI score
Exploits 0
CNVD
added 2018/02/14 12:0 a.m., 1 views

SoftZone office demo prone to memory overflow vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory overflow vulnerability exists in RZoffice Presentations.exe when processing special ppt files. An attacker can exploit the...

7 AI score
Exploits 0
CNVD
added 2018/02/14 12:0 a.m., 1 views

SoftZone office demo prone to null pointer reference vulnerability (CNVD-2018-04281)

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. RZoffice Presentations.exe has a null pointer reference vulnerability when handling special ppt files. An attacker can exploit the...

6.8 AI score
Exploits 0
CNVD
added 2018/02/14 12:0 a.m., 1 views

SoftZone office demo prone to memory corruption vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. RZoffice Presentations.exe has a null pointer reference vulnerability when handling special ppt files. An attacker can exploit the...

6.8 AI score
Exploits 0
Microsoft KB
added 2018/02/13 8:0 a.m., 24 views

Description of the security update for Office 2013: February 13, 2018

Description of the security update for Office 2013: February 13, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

9.3 CVSS, 8.8 AI score, 0.19536 EPSS
Exploits 0
CNVD
added 2018/02/08 12:0 a.m., 2 views

Polaris office 2017 suffers from a denial of service vulnerability (CNVD-2018-03856)

Polaris Office is an office software developed by INFRAWARE of Korea. You can view and edit Word documents, Excel tables, Microsoft Office PowerPoint slides and other commonly used office documents. A denial of service vulnerability exists in PSlide.exe of Polaris office 2017 when opening a ppt...

6.6 AI score
Exploits 0
CNVD
added 2018/01/31 12:0 a.m., 2 views

Apache POI Denial of Service Vulnerability (CNVD-2018-03242)

Apache POI is an open source library from the Apache Software Foundation (United States) that provides APIs for Java programs to read and write Microsoft Office format files. There are security vulnerabilities in Apache POI. The vulnerability can be exploited to cause a denial of service out ...

7.5 CVSS, 6.9 AI score, 0.10248 EPSS
Exploits 3, References 1
OSV
added 2018/01/29 5:29 p.m., 3 views

DEBIAN-CVE-2017-12626

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...

7.5 CVSS, 9.5 AI score, 0.10248 EPSS
Exploits 3, References 1
Vulnrichment
added 2018/01/29 5:0 p.m., 5 views

CVE-2017-12626

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)...

7.1 AI score, 0.10248 EPSS
Exploits 3, References 11