Discovered by a Cisco Talos researcher. Blog by Jon Munshaw.
SoftMaker's Office PlanMaker contains multiple vulnerabilities that could allow an adversary to cause a variety of malicious conditions in the software. SoftMaker's flagship product, SoftMaker Office, is supported on a variety of platforms and contains a handful of components that allows the user to write text documents, create spreadsheets, design presentations and more. The SoftMaker Office suite supports a variety of common office file formats, as well as other internal formats that the user may choose to use when performing their necessary work. These vulnerabilities all exist in the PlanMaker component of the suite, which allows users to create and edit spreadsheets.In accordance with our coordinated disclosure policy, Cisco Talos worked with SoftMaker to ensure that these issues are resolved and that an update is available for affected customers.
Vulnerability details
SoftMaker Office PlanMaker Document Records 0x8011 and 0x820a integer overflow vulnerability (TALOS-2020-1190/CVE-2020-13579)
An exploitable integer overflow vulnerability exists in the PlanMaker document-parsing functionality of SoftMaker Office 2021's PlanMaker application. A specially crafted document can cause the document parser to perform arithmetic that may overflow, which can result in an undersized heap allocation. Later, when copying data from the file into this allocation, a heap-based buffer overflow will occur, which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. A user could trigger this vulnerability by opening a specially crafted doc ..
Support the originator by clicking the read the rest link below.
