CVE-2023-7101

HIGH KEV

Spreadsheet::ParseExcel < 0.65 - Remote Code Execution via Number Format String Eval

Title source: llm

Exploitation Summary

CVE-2023-7101 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added January 2, 2024. EIP tracks 1 public exploit from researchers including Mandiant, haile01, Curt Hyvarinen, including a Metasploit module exploits/linux/smtp/barracuda_esg_spreadsheet_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2023-7102 in Barracuda ESG by crafting a malicious XLS file with a Perl payload embedded in a BIFF8 FORMAT record, achieving remote code execution via an unsafe eval() in Spreadsheet::ParseExcel.

Description

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Mandiant, haile01, Curt Hyvarinen · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/smtp/barracuda_esg_spreadsheet_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2023-7102 in Barracuda ESG by crafting a malicious XLS file with a Perl payload embedded in a BIFF8 FORMAT record, achieving remote code execution via an unsafe eval() in Spreadsheet::ParseExcel.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Barracuda Email Security Gateway (ESG) 5.1.3.001 through 9.2.1.001

No auth needed

Prerequisites: SMTP access to the target ESG · Valid target email address

MITRE ATT&CK