The vulnerability of the Spreadsheet::ParseExcel library for working with XLS files lies in its inability to eliminate instructions in dynamically executed code, allowing attackers to execute arbitrary code.

The vulnerability of the Spreadsheet::ParseExcel library for working with XLS files is related to the lack of measures taken to eliminate instructions in the dynamically executed code. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

[SECURITY] Fedora 38 Update: perl-Spreadsheet-ParseExcel-0.6600-1.fc38

The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file...

[SECURITY] Fedora 39 Update: perl-Spreadsheet-ParseExcel-0.6600-1.fc39

The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file...

Fedora 38 : perl-Spreadsheet-ParseExcel (2023-84d3cc47b1)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-84d3cc47b1 advisory. Fix for CVE-2023-7101 unvalidated input can lead to arbitrary code execution vulnerability. Tenable has extracted the preceding description block...

Fedora 39 : perl-Spreadsheet-ParseExcel (2023-921f6975c2)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-921f6975c2 advisory. Fix for CVE-2023-7101 unvalidated input can lead to arbitrary code execution vulnerability. Tenable has extracted the preceding description block...

p5-Spreadsheet-ParseExcel -- Remote Code Execution Vulnerability

Spreadsheet-ParseExcel reports: Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type eval "eval". Specifically, the...

Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances

Barracuda has revealed that Chinese threat actors exploited a new zero-day in its Email Security Gateway ESG appliances to deploy backdoors on a "limited number" of devices. Tracked as CVE-2023-7102, the issue relates to a case of arbitrary code execution that resides within a third-party and...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

DEBIAN-CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

Format string

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

UBUNTU-CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101 Arbitrary Code Execution (ACE) Vulnerability

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101 Arbitrary Code Execution (ACE) Vulnerability

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

CVE-2023-7101

CVE-2023-7101 affects Spreadsheet::ParseExcel (Perl) v0.65, where an ACE exists due to evaluating unvalidated file input in Number format string handling via eval. This enables arbitrary code execution when parsing Excel files; risk is rated high (CVSS 3.1: AV Local, AC Low, PR None, UI Required,...

CVE-2023-7101

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution ACE vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of...

PT-2023-8146 · Unknown +4 · Spreadsheet::Parseexcel +4

Name of the Vulnerable Software and Affected Versions: Spreadsheet::ParseExcel version 0.65 Description: The issue is related to the evaluation of Number format strings within the Excel parsing logic, which allows for arbitrary code execution due to passing unvalidated input from a file into a...