Vulnerability Management

Very perceptive: Talos researchers spot three vulnerabilities in Lexmark Perceptive Document Filters

Cisco's Talos division today publicly disclosed three new vulnerabilities in Lexmark's Perceptive Document Filters product that if exploited with specifically crafted code could result in remote code execution.

Specifically, the vulnerabilities reside within the printer and enterprise software company's document filters parsing engine component, which enables business specializing in such services as e-discovery, data loss prevention, big data and content management to view documents in multiple formats and convert them from one format to another.

Crediting its researchers, Tyler Bohan and Marcin Nog, Talos reported that the first two flaws are out-of-bounds write vulnerabilities that exist during the parsing and conversion of XLS and Bzip2 files, respectively, while the third is a heap overflow vulnerability resulting from the handling of Compound Binary File Format (MS-CFB) files. Bad actors can exploit these flaws and remotely execute code by maliciously crafting files in these three affected formats.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.