Last Updated: 4/Dec/2018
- SVF for Excel 9.0, 9.1, 9.2
- RDE Excel Option 9.0, 9.1, 9.2
Dom4j project announced that critical vulnerability (CVE-2018-1000632) exists in dom4j version prior to 2.1.1. For detail, refer to https://nvd.nist.gov/vuln/detail/CVE-2018-1000632.
Impact on SVF Products
SVF for Excel and RDE Excel Option use dom4j indirectly in POI library. For this vulnerability issue, malicious user can include invalid code in your system when mass users output an Excel file in XLSX format. To prevent it, make sure to output your Excel file in XLS format rather than XLSX.
Impact on other WingArc products
We confirmed this vulnerability issue doesn't affect the rest of WingArc products below:
- Dr. Sum