IBM Security Bulletin: eDiscovery Manager is affected by a publicly disclosed vulnerability from Apache POI
Apache POI is vulnerable to a denial of service, caused by an error while parsing malicious WMF, EMF and MSG files and macros, as well as specially crafted DOC, PPT and XLS files. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop or throw an out-of-memory exception.
CVE(s): CVE-2017-12626
Affected product(s) and affected version(s):
IBM eDiscovery Manager v2.2.2.3
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10719481
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138361
The post IBM Security Bulletin: eDiscovery Manager is affected by a publicly disclosed vulnerability from Apache POI appeared first on IBM PSIRT Blog.