Wednesday, September 6, 2017

Telspace Systems Security Advisory (TSA-2017-002)

Telspace Systems Security Advisory

TSA-2017-002: WPS Office Spreadsheet invalid pointer read vulnerability

CVE number

A remote vulnerability exists in the .xls parsing functionality of WPS Spreadsheet. A specially crafted .xls file can cause an invalid pointer read vulnerability resulting in a potential information leak or a denial of service. User interaction is required to trigger this vulnerability.


WPS spreadsheet


Vendor URL

Details and crash information
The affected component is excelrw.dll library in this function :

(1e14.560): Access violation - code c0000005 (first chance)

First chance exceptions are reported before any exception handling.

This exception may be expected and handled.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Users\User-Pc\AppData\Local\Kingsoft\WPS Office\\office6\excelrw.dll -

eax=0439f78c ebx=9d953784 ecx=9d953784 edx=07f86948 esi=9d953784 edi=06012490

eip=6b8772bd esp=0439f774 ebp=0439f798 iopl=0 nv up ei pl nz na pe nc

cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206


6b8772bd 8b7e4a mov edi,dword ptr [esi+4Ah] ds:002b:9d9537ce=????????

Vendor response
The vendor has patched the vulnerability and released a new version -

Disclosure Timeline
09-08-2017 – Initial Discovery
18-08-2017 – Vendor Notification
29-08-2017 – Vendor Patch
05-09-2017 – Public Disclosure

This vulnerability was discovered by Dmitri Kaslov of Telspace Systems

No comments: