These vulnerabilities were discovered by Marcin ‘Icewall’ Noga of Talos.
Today, Talos is disclosing several vulnerabilities that have been identified in the AntennaHouse DMC library, which is used in various products for web-based document searching and rendering. These vulnerabilities manifest as a failure to correctly parse Microsoft Office documents and could be exploited to achieve arbitrary code execution. These vulnerabilities are being disclosed in coordination with AntennaHouse.
Multiple heap corruption vulnerabilities exist within AntennaHouse DMC HTMLFilter that could be exploited to achieve arbitrary code execution on the targeted machine. These vulnerabilities manifest due to improper handling of Microsoft Office documents, such as Word and PowerPoint files. An adversary who passes a specially crafted document to the converter could exploit one of these vulnerabilities. Note that the method by which an adversary could compromise a vulnerable machine varies, as this library is known to be incorporated into other third-party products.
- TALOS-2016-0207 (CVE-2016-8382) – AntennaHouse DMC HTMLFilter Doc_SetSummary Code Execution
- TALOS-2016-0208 (CVE-2016-8383) – AntennaHouse DMC HTMLFilter Doc_GetFontTable Code Execution
- TALOS-2016-0209 (CVE-2016-8384) – AntennaHouse DMC HTMLFilter DHFSummary Code Execution
- TALOS-2017-0279 (CVE-2017-2783) – AntennaHouse DMC HTMLFilter FillRowFormat Code Execution Vulnerability
- TALOS-2017-0284 (CVE-2017-2792) – AntennaHouse DMC HTMLFilter iBldDirInfo Code Execution Vulnerability
- TALOS-2017-0285 (CVE-2017-2793) – AntennaHouse DMC HTMLFilter UnCompressUnicode Code Execution Vulnerability
- TALOS-2017-0286 (CVE-2017-2794) – AntennaHouse DMC HTMLFilter PPT DHFSummary Code Execution Vulnerability
- TALOS-2017-0288 (CVE-2017-2795) – AntennaHouse DMC HTMLFilter Txo Code Execution Vulnerability
- TALOS-2017-0290 (CVE-2017-2797) – AntennaHouse DMC HTMLFilter PPT ParseEnvironment Code Execution Vulnerability
- TALOS-2017-0291 (CVE-2017-2798) – AntennaHouse DMC HTMLFilter GetIndexArray Code Execution Vulnerability
- TALOS-2017-0292 (CVE-2017-2799) – AntennaHouse DMC HTMLFilter AddSst Code Execution Vulnerability
To protect our customers, Talos has released rules that detect attempts to exploit these vulnerabilities. Please note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.
Snort Rules: 40789-40790, 40927-40932, 41511-41512, 41543-41546, 41703-41704, 41726-41727, 41753-41754, 41759-41760, 41765-41766
For the full technical details regarding these and other vulnerabilities, please visit our vulnerability reports portal on our website:
Source: Cisco’s Talos Intelligence Group Blog @ May 4, 2017 at 12:17PM