Intrusion Prevention

Tableau.Product.Heap.Buffer.Overflow

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in Tableau products.
The vulnerability is caused by an error when the vulnerable software handles a malformed .twbx file. An attacker exploiting this vulnerability may be able to execute arbitrary code or cause a crash on the vulnerable system.

Affected Products

Tableau Server on Windows 10.0 through 10.0.21
Tableau Server on Windows 10.1 through 10.1.21
Tableau Server on Windows 10.2 through 10.2.17
Tableau Server on Windows 10.3 through 10.3.17
Tableau Server on Windows 10.4 through 10.4.13
Tableau Server on Windows 10.5 through 10.5.12
Tableau Server on Windows 2018.1 through 2018.1.9
Tableau Server on Windows 2018.2 through 2018.2.6
Tableau Server on Windows 2018.3 through 2018.3.3
Tableau Server on Windows 2019.1 through 2019.1.1
Tableau Server on Linux 10.5 through 10.5.12
Tableau Server on Linux 2018.1 through 2018.1.9
Tableau Server on Linux 2018.2 through 2018.2.6
Tableau Server on Linux 2018.3 through 2018.3.3
Tableau Server on Linux 2019.1 through 2019.1.1
Tableau Desktop on Windows 10.0 through 10.0.21
Tableau Desktop on Windows 10.1 through 10.1.21
Tableau Desktop on Windows 10.2 through 10.2.17
Tableau Desktop on Windows 10.3 through 10.3.17
Tableau Desktop on Windows 10.4 through 10.4.13
Tableau Desktop on Windows 10.5 through 10.5.12
Tableau Desktop on Windows 2018.1 through 2018.1.9
Tableau Desktop on Windows 2018.2 through 2018.2.6
Tableau Desktop on Windows 2018.3 through 2018.3.3
Tableau Desktop on Windows 2019.1 through 2019.1.0
Tableau Desktop on Mac 10.0 through 10.0.21
Tableau Desktop on Mac 10.1 through 10.1.21
Tableau Desktop on Mac 10.2 through 10.2.17
Tableau Desktop on Mac 10.3 through 10.3.17
Tableau Desktop on Mac 10.4 through 10.4.13
Tableau Desktop on Mac 10.5 through 10.5.12
Tableau Desktop on Mac 2018.1 through 2018.1.9
Tableau Desktop on Mac 2018.2 through 2018.2.6
Tableau Desktop on Mac 2018.3 through 2018.3.3
Tableau Desktop on Mac 2019.1 through 2019.1.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.