Vulnerability Spotlight: Multiple Remote Code Execution Vulnerabilities Within libxls
Vulnerabilities discovered by Marcin Noga of Cisco Talos
Talos is releasing seven new vulnerabilities discovered within the libxls library: TALOS-2017-0403, TALOS-2017-0404, TALOS-2017-0426, TALOS-2017-0460, TALOS-2017-0461, TALOS-2017-0462, and TALOS-2017-0463. These vulnerabilities result in remote code execution using specially crafted XLS files.
libxls is a C library supported on Windows, Mac and Linux which can read Microsoft Excel File Format (XLS) files ranging from current versions of XLS files down to Excel 97 (BIFF8) formats.
The library is used by the `readxl` package which can be installed in the R programming language via the CRAN repository. The library is also part of the ‘xls2csv’ tool. The library can also be used to successfully parse Microsoft XLS files.