This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Critical Vulnerability in Perceptive Content File Conversion Component

Warren_Kopp
Star Contributor
Star Contributor
‎05-03-2018 09:42 AM

Version 1.7.13 of Perceptive Content File Conversion Component has been released to take advantage of the latest release of Document Filters, 11.4.2822. The following four vulnerabilities were disclosed in Document Filters and remediated in this latest build.

  • HD Mode: Resolved a condition for MS Word files where specially crafted documents could cause heap corruption and free-after-use errors. (TALOS-2018-0527) (TFS11840)
  • HD Mode: Resolved a condition for OpenOffice documents where specially crafted files may cause heap corruption. (TALOS-2018-0528) (TFS11841)
  • HD Mode: Resolved a condition for MS Word files where specially crafted documents could cause heap corruption. (TALOS-2018-0534) (TFS11848)
  • HD Mode: Resolved a condition for MS Word files where specially crafted files may cause a buffer-overwrite when converting to classic html (TALOS-2018-0538) (TFS12302)

Affected Products and Versions:

                File Conversion Component 1.7.12 and prior

Fixed Versions:

                File Conversion Component 1.7.13+

Summary of Risk:

These vulnerabilities allow a properly formatted document that triggers the Document Filters conversion logic to corrupt the system memory, potentially allowing for malicious code execution. The potential for these vulnerabilities to be used to trigger malicious code and the risks associate with this level of access have cause this to have a severity rating of critical. Successful exploitation will result in the attacker being granted the privileges of the user running the associated application.

Depending on the nature of the File Conversion Component configuration using the Document Filters library, it may be possible for an attacker to trigger the vulnerable code remotely and anonymously.

 

Steps to Remediate:

It is highly recommended that you update to a version listed under the Fixed Versions section above.

If you have any questions about this vulnerability, do not hesitate to reach out to your first line of support and get in touch with our team.

The risk of these vulnerabilities can be reduced by limiting the permissions of any user running or accessing any application that makes use of Document Filters. This can restrict the scope of the actions any malicious code can perform.

0 Kudos
Copyright © 2024 Khoros, LLC