|CVSS SCORE||5, (AV:N/AC:L/Au:N/C:P/I:N/A:N)|
|TIPPINGPOINT™ IPS CUSTOMER PROTECTION||TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 25848. For further product information on the TippingPoint IPS: http://www.tippingpoint.com|
The specific flaw exists within ExlViewer.dll. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to extract information from the underlying database.
11/08/2016, 11/09/2016, 11/10/2016 and 11/15/2016 - ZDI disclosed the reports, 44 in all, to ICS-CERT