Warren_Kopp
Star Contributor

The following four vulnerabilities were disclosed in the Document Filters library and patched in March with build 11.4.2822. Brainware versions 5.6.X, 5.7.X, 5.8.x and 5.8.1 are all known to contain vulnerable versions of this library.

  • HD Mode: Resolved a condition for MS Word files where specially crafted documents could cause heap corruption and free-after-use errors. (TALOS-2018-0527) (TFS11840)
  • HD Mode: Resolved a condition for OpenOffice documents where specially crafted files may cause heap corruption. (TALOS-2018-0528) (TFS11841)
  • HD Mode: Resolved a condition for MS Word files where specially crafted documents could cause heap corruption. (TALOS-2018-0534) (TFS11848)
  • HD Mode: Resolved a condition for MS Word files where specially crafted files may cause a buffer-overwrite when converting to classic HTML. (TALOS-2018-0538) (TFS12302)

Affected Products and Versions:

                Brainware 5.6.X, 5.7.X, 5.8, 5.8.1

Fixed Versions:

               Brainware 5.8.x Hot Patch for Document Filters 11.4.0.2822

Summary of Risk:

These vulnerabilities allow a properly formatted document that triggers the Document Filters conversion logic to corrupt the system memory, potentially allowing for malicious code execution. The potential for these vulnerabilities to be used to trigger malicious code and the risks associated with this level of access have caused this to have a severity rating of critical. Successful exploitation will result in the attacker being granted the privileges of the user running the associated application.

Brainware’s use of this library is limited to PDF processing, which does not call the vulnerable sections of code. While the Brainware product contains a version of the library with this set of vulnerabilities, it is not vulnerable.

 

Steps to Remediate:

Customers running 5.6.X or 5.7.X builds will need to upgrade to the Brainware Intelligent Capture 5.8.x Hot Patch for Document Filters 11.4.0.2822 build. 

This bulletin has been published out of an abundance of caution to alert customers and partners that this vulnerability was disclosed and mitigated.