Vulnerabilities > CVE-2019-5041 - Out-of-bounds Write vulnerability in Aspose Aspose.Words 18.11.0.0

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Aspose
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2019-0805
last seen2019-09-10
published2019-08-20
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0805
titleAspose Aspose.Words for C++ EnumMetaInfo Code Execution Vulnerability