CVE-2021-25831

A file extension handling issue was found in [core] module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote code execution on DocumentServer.
Configurations

Configuration 1

cpe:2.3:a:onlyoffice:document_server:*:*:*:*:*:*:*:*

Information

Published : 2021-03-01 04:15

Updated : 2021-03-15 07:53


NVD link : CVE-2021-25831

Mitre link : CVE-2021-25831

Products Affected
No products.