8 matches found
CVE-2026-41511
OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...
CVE-2026-41511
OpenMcdf is a fully .NET / C library to manipulate Compound File Binary File Format files, also known as Structured Storage. Prior to version 3.1.3, OpenMcdf does not detect cycles in the directory entry red-black tree of a Compound File Binary CFB document. A crafted CFB file with a cycle in the...
GHSA-JQX5-H2HW-5Q4F Denial of Service in Apache POI
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...
Denial of Service in Apache POI
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...
Purgalicious VBA: Macro Obfuscation With VBA Purging
Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...
FreeXL BIFF Dimension Marker Code Execution Vulnerability
Summary An exploitable heap-based buffer overflow vulnerability exists in the readlegacybiff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested...
CVE-2012-0213
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...
CVE-2012-0213
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service OutOfMemoryError exception and possibly JVM destabilization via a crafted length value in a Channel Definition Format CDF or Compound Fi...