Aggregates CVE and security vulnerability intelligence across all antennahouse-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption, vendor risk xxe, and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-20839 | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document. | [email protected] | 6.5 | 0.42% | 2021-11-01 | 2024-11-21 |
| CVE-2021-20838 | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document. | [email protected] | 7.5 | 0.72% | 2021-11-01 | 2024-11-21 |
| CVE-2019-5030 | A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. | [email protected] | 8.8 | 0.76% | 2019-10-31 | 2024-11-21 |
| CVE-2018-3936 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. | [email protected] | 8.8 | 0.77% | 2018-07-11 | 2024-11-21 |
| CVE-2018-3933 | An exploitable out-of-bounds write exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbputanld` method. | [email protected] | 8.8 | 0.77% | 2018-07-11 | 2024-11-21 |
| CVE-2018-3932 | An exploitable stack-based buffer overflow exists in the Microsoft Word document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted Microsoft Word (DOC) document can lead to a stack-based buffer overflow, resulting in remote code execution. | [email protected] | 8.8 | 1.43% | 2018-07-11 | 2024-11-21 |
| CVE-2018-3931 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `putShapeProperty` method. | [email protected] | 7.8 | 0.77% | 2018-07-11 | 2024-11-21 |
| CVE-2018-3930 | In Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312), a crafted Microsoft Word (DOC) document can lead to an out-of-bounds write, resulting in remote code execution. This vulnerability occurs in the `vbgetfp` method. | [email protected] | 7.8 | 0.50% | 2018-07-11 | 2024-11-21 |
| CVE-2018-3929 | An exploitable heap corruption exists in the PowerPoint document conversion functionality of the Antenna House Office Server Document Converter version V6.1 Pro MR2 for Linux64 (6,1,2018,0312). A crafted PowerPoint (PPT) document can lead to heap corruption, resulting in remote code execution. | [email protected] | 7.8 | 0.77% | 2018-07-11 | 2024-11-21 |