Cisco's Talos division today publicly disclosed three new vulnerabilities in Lexmark's Perceptive Document Filters product that if exploited with specifically crafted code could result in remote code execution.
Specifically, the vulnerabilities reside within the printer and enterprise software company's document filters parsing engine component, which enables business specializing in such services as e-discovery, data loss prevention, big data and content management to view documents in multiple formats and convert them from one format to another.
Crediting its researchers, Tyler Bohan and Marcin Nog, Talos reported that the first two flaws are out-of-bounds write vulnerabilities that exist during the parsing and conversion of XLS and Bzip2 files, respectively, while the third is a heap overflow vulnerability resulting from the handling of Compound Binary File Format (MS-CFB) files. Bad actors can exploit these flaws and remotely execute code by maliciously crafting files in these three affected formats.
