Multiple Vulnerabilities in LibXL Library Open Door to RCE Attacks

November 20, 2017


Researchers have identified seven vulnerabilities in the LibXL C library, used to read Excel files. Each of the vulnerabilities are rated 8.8 in severity on the Common Vulnerability Scoring System scale.

Attackers could exploit each of the vulnerabilities and perform remote code execution attacks using specially crafted XLS files, according to Cisco Talos researchers who publicly disclosed the flaw this week.

“LibXL is supported on Windows, Mac and Linux, which can read Microsoft Excel File Format files ranging from current versions of XLS files down to Excel 97,” Cisco Talos researchers said.

Read More on Threat Post