We're sorry Aspose doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.com

Code Execution Exploit

Good morning,

I would be grateful if you advise me if the Code Execution Exploit bug has been fixed and if so, what version the fix is in?

Thanks

@Ross_F

Could you please share some more detail about your query along with APIs that you are using? We will then answer your query according to your requirement.

Thank you for your reply, please see below:

We are using WordsAPI

More detail:

Aspose.Words Code Execution Vulnerability

CVE-2019-5041

The EnumMetaInfo function in the Aspose Aspose.Words library, version 18.11.0.0, contains an exploitable stack-based buffer overflow vulnerability. A specially crafted .doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.

Affected version:
Aspose.Words 18.11.0.0

I am attempting to gain knowledge that the affect has been rectified and if so what version is currently without the above bug?

Thanks

I think this covers it (you’re welcome, Aspose):

Thank you for your assistance. This does in fact answer my question.

Much appreciated

Kind regards