Strix
26.1K

CVE-2012-0213

UnknownEPSS 7.50%

Last modified

CVE-2012-0213 is a vulnerability of currently unknown severity. The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.. EPSS estimates a 7.50% chance of exploitation in the next 30 days.

Description

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

Metrics

EPSS Probability
7.50%

93.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
ApachePoi<= 3.8
ApachePoi0.1
ApachePoi0.2
ApachePoi0.3
ApachePoi0.4
ApachePoi0.5
ApachePoi0.6
ApachePoi0.7
ApachePoi0.10.0
ApachePoi0.11.0
ApachePoi0.12.0
ApachePoi0.13.0
ApachePoi0.14.0
ApachePoi1.0.0
ApachePoi1.0.1
ApachePoi1.0.2
ApachePoi1.1.0
ApachePoi1.2.0
ApachePoi1.5
ApachePoi1.5.1
ApachePoi1.7Dev
ApachePoi1.8Dev
ApachePoi1.10Dev
ApachePoi2.0
ApachePoi2.5
ApachePoi2.5.1
ApachePoi3.0
ApachePoi3.0.1
ApachePoi3.0.2
ApachePoi3.1
ApachePoi3.2
ApachePoi3.5
ApachePoi3.6
ApachePoi3.7
ApachePoi3.8Beta1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2012-0213?
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
How severe is CVE-2012-0213?
Severity scoring for CVE-2012-0213 is pending analysis. The EPSS model estimates a 7.50% probability of exploitation in the next 30 days.
How do I fix CVE-2012-0213?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2012-0213?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST