News
News & events
LibOFX Tag Parsing Code Execution Vulnerability CVE-2017-2816
2017-09-25

Summary

A vulnerability in the parsing functionality of the LibOFX library could allow an attacker to execute arbitrary code.

The vulnerability is due to improper parsing of crafted Open Financial Exchange (OFX) files by the affected library. An attacker could exploit this vulnerability by persuading a targeted user on the local system to open a crafted OFX file with an application using the affected library. An exploit could trigger a buffer overflow condition, which the attacker could leverage to execute arbitrary code.


Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

The vendor has not confirmed the vulnerability and software updates are not available.

Analysis

To exploit this vulnerability, the attacker may use misleading language or instructions to persuade a targeted user to open a crafted OFX file.
    
Cisco Talos has released a vulnerability report and a security blog for this vulnerability at the following links:  https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317andhttp://blog.talosintelligence.com/2017/09/vulnerability-spotlight-libofx-tag.html#more



Safeguards

Administrators are advised to contact the vendor regarding future updates and releases.

Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.

Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit this vulnerability.

Administrators are advised to monitor critical systems.