| tiêu đề | Microsoft Excel 2016 v1901 Error Import Based XML External Entity Injection |
|---|
| Mô tả | Description: Excel query from file feature is vulnerable to "Error" based XML External Entity attacks, if the user chooses the "Import as Html page" functionality upon receiving errors importing a specially crafted XML file. This can result in potential remote data exfiltration, user interaction is required to exploit this vulnerability.
Author: John Page (aka hyp3rlinx)
Date (public disclosure): 2019-11-30 |
|---|
| Nguồn | ⚠️ http://hyp3rlinx.altervista.org/advisories/MICROSOFT-EXCEL-2016-v1901-IMPORT-ERROR-EXTERNAL-ENTITY-INJECTION.txt |
|---|
| Người dùng | misc (UID 3) |
|---|
| Đệ trình | 01/12/2019 08:28 (cách đây 7 những năm) |
|---|
| Kiểm duyệt | 08/12/2019 17:55 (7 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 146800 [Microsoft Excel XML Import XML External Entity] |
|---|
| điểm | 19 |
|---|