CVE-2004-1301

xlreader 0.9.0 - Buffer Overflow in book_format_sql Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1301. PoCs published by Kris Kubicki.

AI-analyzed exploit summary The provided text describes a remote, client-side buffer overflow vulnerability in xlreader due to improper validation of user-supplied strings. An attacker could exploit this to execute arbitrary code with the privileges of the user running the application.

Description

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Kris Kubicki · textremotemultiple
https://www.exploit-db.com/exploits/24979

The provided text describes a remote, client-side buffer overflow vulnerability in xlreader due to improper validation of user-supplied strings. An attacker could exploit this to execute arbitrary code with the privileges of the user running the application.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: xlreader (version not specified)
No auth needed
Prerequisites: User interaction to open a malicious file or link
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18612
Exploit, Vendor Advisory x_refsource_misc
http://tigger.uic.edu/~jlongs2/holes/xlreader.txt

Scores

EPSS 0.0617
EPSS Percentile 92.6%

Details

Status published
Products (1)
xlreader/xlreader 0.9
Published Jan 10, 2005
Tracked Since Feb 18, 2026