CVE-2017-2793

HIGH

Antenna House DMC HTMLFilter as shipped with MarkLogic 8.0-6 - Heap Corruption via Crafted XLS File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2793. PoCs published by sUbc0ol.

AI-analyzed exploit summary This repository contains a detection scanner for CVE-2017-2793, a vulnerability in Microsoft Office's XLS file parsing. The code analyzes XLS files for malicious STRING records with invalid 'cch' values, indicating potential exploitation.

Description

An exploitable heap corruption vulnerability exists in the UnCompressUnicode functionality of Antenna House DMC HTMLFilter used by MarkLogic 8.0-6. A specially crafted xls file can cause a heap corruption resulting in arbitrary code execution. An attacker can send/provide malicious XLS file to trigger this vulnerability.

Exploits (1)

nomisec SCANNER

by sUbc0ol · poc

https://github.com/sUbc0ol/Detection-for-CVE-2017-2793

View Code ZIP pw:eip

This repository contains a detection scanner for CVE-2017-2793, a vulnerability in Microsoft Office's XLS file parsing. The code analyzes XLS files for malicious STRING records with invalid 'cch' values, indicating potential exploitation.

Classification

Scanner 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Office (XLS file parser)

No auth needed

Prerequisites: Malicious XLS file with crafted STRING record

MITRE ATT&CK

T1059.003 - Windows Command Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Technical Description, Third Party Advisory x_refsource_misc

http://www.talosintelligence.com/reports/TALOS-2017-0285/

Scores

CVSS v3 8.3

EPSS 0.0143

EPSS Percentile 69.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (2)

Antenna House/DMC HTMLFilter as shipped with MarkLogic 8.0-6

marklogic/marklogic 8.0-6

Published May 23, 2017

Tracked Since Feb 18, 2026