Marcin Noga of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered multiple remote code execution vulnerabilities in various Aspose APIs. Aspose provides a series of APIs for manipulating or converting a large family of document formats. These vulnerabilities exist in APIs that help process PDFs, Microsoft Word files and more. An attacker could exploit these vulnerabilities by sending a specially crafted, malicious file to the target and trick them into opening it while using the corresponding API.

Cisco Talos initially disclosed these vulnerabilities on Aug. 20, 2019 in accordance with Cisco's disclosure policy, after numerous unsuccessful attempts were made to contact Aspose to report these vulnerabilities. Aspose released an update on Aug. 30, 2019 that fixed these vulnerabilities.

Vulnerability details

Aspose Aspose.Cells for C++ LabelSst remote code execution vulnerability (TALOS-2019-0794/CVE-2019-5032)

An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Aspose Aspose.Cells for C++ number remote code execution vulnerability (TALOS-2019-0795/CVE-2019-5033)

An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability.

Read the complete vulnerability advisory here for additional information.

Aspose Aspose.Words for C++ EnumMetaInfo code execution vulnerability (TALOS-2019-0805/CVE-2019-5041)

An exploitable stack-based buffer overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

CVE-2019-5033 and CVE-2019-5034 affect Aspose.Cells, version 19.1.0. CVE-2019-5041 affects Aspose.Words, version 18.11.0.0.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 49756, 49757, 49760, 49761, 49852, 49853