2 matches found
CVE-2017-2793
An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to...
CVE-2017-2793
CVE-2017-2793 exploits a heap corruption in Antenna House DMC HTMLFilter (used by MarkLogic 8.0-6) via UnCompressUnicode during XLS string handling. The bug stems from a malformed XLUnicodeString with cch = 0xF203 (61955), which far exceeds the documented 32767 limit. InitMem allocates 65538-byte...