Security researchers have warned of multiple flaws in libxls that could result in remote code execution via specially crafted XLS files.

The flaws affect systems running Windows, Mac, and Linux. libxls is a C library supported on all three platforms; it reads Microsoft Excel File Format (XLS) files, from current versions of the format down to Excel 97 (BIFF8).

The library is used by the `readxl` package, which can be installed for the R programming language from the CRAN repository, and it is also part of the ‘xls2csv’ tool. It can also be used directly to parse Microsoft XLS files.

According to a blog post by Cisco’s Talos Intelligence, the first flaw, CVE-2017-2896, is an exploitable out-of-bounds write vulnerability in the xls_mergedCells function of libxls 1.4.

“A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability; this could be sent as part of a phishing campaign using email to compromise the victim’s machine,” said researchers.

The second flaw, CVE-2017-2897, is an exploitable out-of-bounds write vulnerability that exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution.

A third flaw, CVE-2017-2919, is a stack-based buffer overflow vulnerability in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution.

An attacker can send a malicious XLS file to trigger either of these previous two vulnerabilities.

Two further flaws are exploitable integer overflow vulnerabilities in the xls_preparseWorkSheet function of libxls 1.4, one when handling a MULBLANK record and one when handling a MULRK record. Both allow an attacker to cause a memory corruption resulting in remote code execution by sending a malicious XLS file, which could be delivered as part of an email phishing campaign to compromise the victim’s machine.
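The following added illustration shows the integer-overflow bug class described above for MULBLANK handling, next to a checked parse; it is not libxls code and not the upstream fix. The function names and sample bytes are constructed, and the layout assumed is the BIFF8 MULBLANK record body (row, first column, XF indexes, last column).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BIFF8_MAX_COLS 256u /* BIFF8 sheets have columns 0..255 */

/* Read a little-endian 16-bit field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Unsafe pattern: trust the record length and keep the result in 16 bits.
 * A large first column plus a long record wraps to a small "last column". */
uint16_t naive_last_col(uint16_t first_col, size_t body_len)
{
    return (uint16_t)(first_col + (body_len - 6) / 2 - 1);
}

/* Checked parse of a MULBLANK body: row(2) first_col(2) xf[n](2 each) last_col(2).
 * Returns 0 and fills first and count, or -1 if the fields disagree. */
int mulblank_range(const uint8_t *body, size_t len, uint16_t *first, uint16_t *count)
{
    if (body == NULL || first == NULL || count == NULL) return -1;
    if (len < 8 || (len - 6) % 2 != 0) return -1;   /* need at least one XF entry */
    size_t n = (len - 6) / 2;                       /* entries really present */
    uint16_t fc = rd16(body + 2);
    uint16_t lc = rd16(body + len - 2);
    if (lc < fc || lc >= BIFF8_MAX_COLS) return -1; /* range must fit the sheet */
    if ((size_t)(lc - fc) + 1 != n) return -1;      /* declared range == payload */
    *first = fc;
    *count = (uint16_t)n;
    return 0;
}

/* Constructed sample bodies (not taken from any real file). */
static const uint8_t GOOD[] = {0x05,0x00, 0x02,0x00, 0x0F,0x00, 0x0F,0x00, 0x0F,0x00, 0x04,0x00};
static const uint8_t BAD[]  = {0x05,0x00, 0xF0,0xFF, 0x0F,0x00, 0x0F,0x00, 0x0F,0x00, 0x04,0x00};

int main(void)
{
    uint16_t first, count;
    printf("good: %d\n", mulblank_range(GOOD, sizeof GOOD, &first, &count));
    printf("bad:  %d\n", mulblank_range(BAD, sizeof BAD, &first, &count));
    printf("naive last col, first=0xFFF0, len=70: %u\n", (unsigned)naive_last_col(0xFFF0, 70));
    return 0;
}
```

The checked version derives the entry count from the bytes actually present and rejects any record whose declared column range disagrees with it, so no size used for allocation or indexing is taken from a wrapped 16-bit sum.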

The last two flaws are exploitable integer overflow vulnerabilities in the xls_appendSST and xls_addCell functions of libxls 1.4. These could also enable an attacker to cause a memory corruption resulting in remote code execution.

Security researchers said that the update to fix these flaws is currently available only via SVN.

Professor Kevin Curran, senior member of the IEEE and professor of cyber-security at Ulster University, told SC Media UK that the multiple remote code execution vulnerabilities within libxls mean that Microsoft Excel is prone to a remote code-execution vulnerability.

“Hackers can therefore exploit this by getting users to open specially crafted Excel (‘.xls’) files sent to them or downloaded by them,” he said.

“A successful attack would have an attacker execute arbitrary code with the privileges of the user running the application. Even those which do not work could result in denial-of-service conditions. The best mitigation strategy is to run all software as a nonprivileged user with minimal access rights, as this stops many of the Windows exploits. It really should be a default policy within enterprises.”

This article originally appeared at scmagazineuk.com


