Seven vulnerabilities in Libxls (Excel file reader library) could result in remote code execution
Seven vulnerabilities have been discovered in the LibXL C library by a security researcher. An attacker could exploit the flaws and perform remote code execution attack via specially crafted XLS files, Cisco’s Talos researcher, Marcin Noga, reports. Libxls is a C library which is used to read Microsoft Excel File Formats, raging from current versions XLS files to Excel 97 (BIFF8) formats. It’s supported on Windows, Mac and Linux.
“The library is used by the `readxl` package which can be installed in the R programming language via the CRAN repository. The library is also part of the ‘xls2csv’ tool. The library can also be used to successfully parse Microsoft XLS files,” the researcher reports. One of the vulnerabilities (CVE-2017-2896) exists in the xls_mergedCells function of libxls 1.4, and can allow the attacker to send malicious XLS files via phishing campaign, and if opened, a memory corruption will be triggered in the system, which will result in a remote code execution.
The second flaw (CVE-2017-2897) exists in read_MSAT function of libxls 1.4. “A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability, this could be sent as part of a phishing campaign using email to compromise the victim’s machine,” Noga explains.
The third vulnerability (CVE-2017-2919) is a stack based buffer overflow vulnerability in the xls_getfcell function of libxls 1.3.4. CVE-2017-12108, the fourth mentioned flaw, is an integer overflow vulnerability that exists in the xls_preparseWorkSheet function of libxls 1.4 when handling MULBLANK record. The fifth, sixth and seventh reported vulnerabilities include an integer overflow flaw that exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record (CVE-2017-12109), an integer overflow flaw that exists in the xls_appendSST function of libxls 1.4 (CVE-2017-12110), and an exploitable out-of-bounds bug that exists in the xls_addCell function of libxls 1.4 (CVE-2017-12111).g
Just like with the previous mentioned flaws, an attacker could send malicious XLS files via phishing, and if the mentioned vulnerabilities are triggered, a memory corruption could be caused, resulting in remote code execution.
The researcher also states that a fix is only available via svn at this moment.
WiperSoft.com is not sponsored, affiliated, linked to or owned by malware developers or distributors that are referred to in this article. The article does NOT endorse or promote malicious programs. The intention behind it is to present useful information that will help users to detect and eliminate malware from their computer by using WiperSoft and/or the manual removal guide.
The article should only be used for educational purposes. If you follow the instructions provided in the article, you agree to be bound by this disclaimer. We do not guarantee that the article will aid you in completely removing the malware from your PC. Malicious programs are constantly developing, which is why it is not always easy or possible to clean the computer by using only the manual removal guide.