Invia #127: Microsoft Excel 2016 v1901 Error Import Based XML External Entity Injectioninformazioni

TitoloMicrosoft Excel 2016 v1901 Error Import Based XML External Entity Injection
DescrizioneDescription: Excel query from file feature is vulnerable to "Error" based XML External Entity attacks, if the user chooses the "Import as Html page" functionality upon receiving errors importing a specially crafted XML file. This can result in potential remote data exfiltration, user interaction is required to exploit this vulnerability. Author: John Page (aka hyp3rlinx) Date (public disclosure): 2019-11-30
Fonte⚠️ http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-2016-v1901-IMPORT-ERROR-EXTERNAL-ENTITY-INJECTION.txt
Utente
 misc (UID 3)
Sottomissione01/12/2019 08:28 (7 anni fa)
Moderazione08/12/2019 17:55 (7 days later)
StatoAccettato
Voce VulDB146800 [Microsoft Excel XML Import XML External Entity]
Punti19

PrecedenteVisione D'ensembleIl prossimo

Do you know our Splunk app?

Download it now for free!