إرسال #127: Microsoft Excel 2016 v1901 Error Import Based XML External Entity Injectionالمعلومات

عنوانMicrosoft Excel 2016 v1901 Error Import Based XML External Entity Injection
الوصفDescription: Excel query from file feature is vulnerable to "Error" based XML External Entity attacks, if the user chooses the "Import as Html page" functionality upon receiving errors importing a specially crafted XML file. This can result in potential remote data exfiltration, user interaction is required to exploit this vulnerability. Author: John Page (aka hyp3rlinx) Date (public disclosure): 2019-11-30
المصدر⚠️ http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-2016-v1901-IMPORT-ERROR-EXTERNAL-ENTITY-INJECTION.txt
المستخدم
 misc (UID 3)
ارسال01/12/2019 08:28 AM (7 سنوات منذ)
الاعتدال08/12/2019 05:55 PM (7 days later)
الحالةتمت الموافقة
إدخال VulDB146800 [Microsoft Excel XML Import XML External Entity]
النقاط19

التالي نظرة عامة السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>