Unrated severityNVD Advisory· Published Mar 1, 2021· Updated Aug 3, 2024
CVE-2021-25830
CVE-2021-25830
Description
A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote code execution on DocumentServer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ONLYOFFICE/DocumentServerdescription
- Range: >=4.2.0.236, <=5.6.4.13
Patches
Vulnerability mechanics
References
4- github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cppmitrex_refsource_MISC
- github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/Editor/BinaryFileReaderWriter.cppmitrex_refsource_MISC
- github.com/ONLYOFFICE/core/blob/v5.6.4.13/ASCOfficePPTXFile/PPTXFormat/Logic/UniFill.cppmitrex_refsource_MISC
- github.com/merrychap/poc_exploits/tree/master/ONLYOFFICE/CVE-2021-25830mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.