Remote code execution in GNU LibOFX

Published: 2017-09-14

Risk	Low
Patch available	NO
Number of vulnerabilities	1
CVE-ID	CVE-2017-2816
CWE-ID	CWE-787
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	LibOFX Universal components / Libraries / Libraries used by multiple products
Vendor	GNU

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds write

EUVDB-ID: #VU8430

Risk: High

CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2017-2816

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists in the tag parsing functionality due to out-of-bounds write when handling malicious input. A remote attacker can trick the victim into opening a specially crafted OFX file, trigger stack-based buffer overflow and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.

Vulnerable software versions

LibOFX: 0.9.11

CPE2.3

cpe:2.3:a:gnu:libofx:0.9.11:*:*:*:*:*:*:*

External links

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.