Tableau.Product.Heap.Buffer.Overflow
Description
This indicates an attack attempt against a Buffer Overflow vulnerability in Tableau products.
The vulnerability is caused by an error when the vulnerable software handles a malformed .twbx file. An attacker exploiting this vulnerability may be able to execute arbitrary code or cause a crash on the vulnerable system.
Affected Products
Tableau Server on Windows 10.0 through 10.0.21
Tableau Server on Windows 10.1 through 10.1.21
Tableau Server on Windows 10.2 through 10.2.17
Tableau Server on Windows 10.3 through 10.3.17
Tableau Server on Windows 10.4 through 10.4.13
Tableau Server on Windows 10.5 through 10.5.12
Tableau Server on Windows 2018.1 through 2018.1.9
Tableau Server on Windows 2018.2 through 2018.2.6
Tableau Server on Windows 2018.3 through 2018.3.3
Tableau Server on Windows 2019.1 through 2019.1.1
Tableau Server on Linux 10.5 through 10.5.12
Tableau Server on Linux 2018.1 through 2018.1.9
Tableau Server on Linux 2018.2 through 2018.2.6
Tableau Server on Linux 2018.3 through 2018.3.3
Tableau Server on Linux 2019.1 through 2019.1.1
Tableau Desktop on Windows 10.0 through 10.0.21
Tableau Desktop on Windows 10.1 through 10.1.21
Tableau Desktop on Windows 10.2 through 10.2.17
Tableau Desktop on Windows 10.3 through 10.3.17
Tableau Desktop on Windows 10.4 through 10.4.13
Tableau Desktop on Windows 10.5 through 10.5.12
Tableau Desktop on Windows 2018.1 through 2018.1.9
Tableau Desktop on Windows 2018.2 through 2018.2.6
Tableau Desktop on Windows 2018.3 through 2018.3.3
Tableau Desktop on Windows 2019.1 through 2019.1.0
Tableau Desktop on Mac 10.0 through 10.0.21
Tableau Desktop on Mac 10.1 through 10.1.21
Tableau Desktop on Mac 10.2 through 10.2.17
Tableau Desktop on Mac 10.3 through 10.3.17
Tableau Desktop on Mac 10.4 through 10.4.13
Tableau Desktop on Mac 10.5 through 10.5.12
Tableau Desktop on Mac 2018.1 through 2018.1.9
Tableau Desktop on Mac 2018.2 through 2018.2.6
Tableau Desktop on Mac 2018.3 through 2018.3.3
Tableau Desktop on Mac 2019.1 through 2019.1.0
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Refer to the vendor advisory:
https://community.tableau.com/community/security-bulletins/blog/2019/02/21/important-adv-2019-004-heap-based-buffer-overflow
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |