CVE-2015-5424 – Hewlett-Packard KeyView IDOL DOCX Parsing Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-5424

Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. Vulnerabilidad no especificada en HP KeyView en versiones anteriores a 10.23.0.1 y 10.24.x en versiones anteriores a 10.24.0.1, permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos, también conocida como ZDI-CAN-2885. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard KeyView IDOL. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the handling of DOCX files. It is possible to trigger a use-after-free while handling tag data within a DOCX. • http://www.securityfocus.com/bid/76457 http://www.securitytracker.com/id/1033362 http://www.zerodayinitiative.com/advisories/ZDI-15-398 https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027 •