CVE-2017-2793

Summary

An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Antenna HouseDMC HTMLFilteras shipped with MarkLogic 8.0-6affected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References