Anviz AIM CrossChex Standard 4.3 Excel Macro Injection

2018.11.02
Credit: LiquidWorm
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

Anviz AIM CrossChex Standard 4.3 Excel Macro Injection Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Summary: Access Control and Time Attendance Management System. Complying with our self-developed fingerprint, facial, iris, etc. devices, CrossChex Standard integrates intelligent management of time attendance and relevant functions of access control. It has been widely used in many office buildings and factories across the world, continuously serving access control and management requests from many companies with stable performance, accurate calculation, safe management and high intelligence. Desc: CSV (XLS) Injection (Excel Macro Injection or Formula Injection) exists in the AIM CrossChex 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the 'Name' field when adding a user or using the custom fields 'Gender', 'Position', 'Phone', 'Birthday', 'Employ Date' and 'Address'. Upon importing, the application will launch Excel program and execute the malicious macro formula. Tested on: Microsoft Windows 7 Professional SP1 (EN) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2018-5498 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5498.php 22.10.2018 -- From the menu: User -> Add -> use payload: =cmd|' /C mspaint'!L337 User -> Import / Export: use payload: =cmd|' /C mspaint'!L337


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top