Code Execution Exploit

Ross_F · October 25, 2021, 10:45am

Good morning,

I would be grateful if you advise me if the Code Execution Exploit bug has been fixed and if so, what version the fix is in?

Thanks

tahir.manzoor · October 25, 2021, 3:27pm

@Ross_F

Could you please share some more detail about your query along with APIs that you are using? We will then answer your query according to your requirement.

Ross_F · October 26, 2021, 8:35am

Thank you for your reply, please see below:

We are using WordsAPI

More detail:

Aspose.Words Code Execution Vulnerability

CVE-2019-5041

The EnumMetaInfo function in the Aspose Aspose.Words library, version 18.11.0.0, contains an exploitable stack-based buffer overflow vulnerability. A specially crafted .doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability.

Affected version:
Aspose.Words 18.11.0.0

I am attempting to gain knowledge that the affect has been rectified and if so what version is currently without the above bug?

Thanks

geert_vanpeteghem_docshifter_com · October 26, 2021, 8:49am

I think this covers it (you’re welcome, Aspose):

Ross_F · October 26, 2021, 1:32pm

Thank you for your assistance. This does in fact answer my question.

Much appreciated

Kind regards