CVE-2023-7101

Spreadsheet::ParseExcel Remote Code Execution Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Spreadsheet::ParseExcel version 0.65 es un módulo Perl utilizado para analizar archivos Excel. Spreadsheet::ParseExcel es afectado por una vulnerabilidad de ejecución de código arbitrario (ACE) debido a que se pasa una entrada no validada de un archivo a una "evaluación" de tipo cadena. Específicamente, el problema surge de la evaluación de cadenas de formato numérico (que no deben confundirse con cadenas de formato de estilo printf) dentro de la lógica de análisis de Excel.

Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

*Credits: Le Dinh Hai (https://github.com/haile01/perl_spreadsheet_excel_rce_poc/tree/main) , Barracuda Networks Inc. https://www.barracuda.com/

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2023-12-24 CVE Reserved
2023-12-24 CVE Published
2024-01-02 Exploited in Wild
2024-01-23 KEV Due Date
2024-08-02 CVE Updated
2024-09-13 EPSS Updated
---------- First Exploit

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CAPEC

CAPEC-137: Parameter Injection

References (11)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2023/12/29/4	Mailing List
https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171	Product
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md	Third Party Advisory
https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc	Broken Link
https://https://metacpan.org/dist/Spreadsheet-ParseExcel	Broken Link
https://https://www.cve.org/CVERecord?id=CVE-2023-7101	Broken Link
https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5	Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR	Mailing List
https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc	2024-07-03

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jmcnamara Search vendor "Jmcnamara"		Spreadsheet::parseexcel Search vendor "Jmcnamara" for product "Spreadsheet::parseexcel"				<= 0.65 Search vendor "Jmcnamara" for product "Spreadsheet::parseexcel" and version " <= 0.65"		perl		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				38 Search vendor "Fedoraproject" for product "Fedora" and version "38"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				39 Search vendor "Fedoraproject" for product "Fedora" and version "39"		-		Affected