Anviz AIM CrossChex Standard 4.3 Excel Macro Injection

Posted on 01 November 2018

CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex version 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Name field when adding a user or using the custom fields Gender, Position, Phone, Birthday, Employ Date and Address. Upon importing, the application will launch Excel program and execute the malicious macro formula.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20