diff --git a/Classes/PHPExcel/Reader/Abstract.php b/Classes/PHPExcel/Reader/Abstract.php
index fdbd2669..0036dff9 100644
--- a/Classes/PHPExcel/Reader/Abstract.php
+++ b/Classes/PHPExcel/Reader/Abstract.php
@@ -235,7 +235,8 @@ abstract class PHPExcel_Reader_Abstract implements PHPExcel_Reader_IReader
 	 */
 	public function securityScan($xml)
 	{
-        if (strpos($xml, '<!ENTITY') !== false) { 
+        $pattern = '/\0?<\0?!\0?E\0?N\0?T\0?I\0?T\0?Y\0?/';
+        if (preg_match($pattern, $xml)) { 
             throw new PHPExcel_Reader_Exception('Detected use of ENTITY in XML, spreadsheet file load() aborted to prevent XXE/XEE attacks');
         }
         return $xml;
diff --git a/unitTests/Classes/PHPExcel/Reader/XEEValidatorTest.php b/unitTests/Classes/PHPExcel/Reader/XEEValidatorTest.php
new file mode 100644
index 00000000..f635dbb8
--- /dev/null
+++ b/unitTests/Classes/PHPExcel/Reader/XEEValidatorTest.php
@@ -0,0 +1,55 @@
+<?php
+
+
+class XEEValidatorTest extends PHPUnit_Framework_TestCase
+{
+
+    public function setUp()
+    {
+        if (!defined('PHPEXCEL_ROOT')) {
+            define('PHPEXCEL_ROOT', APPLICATION_PATH . '/');
+        }
+        require_once(PHPEXCEL_ROOT . 'PHPExcel/Autoloader.php');
+	}
+
+    /**
+     * @dataProvider providerInvalidXML
+     * @expectedException PHPExcel_Reader_Exception
+     */
+	public function testInvalidXML($filename)
+	{
+        $reader = $this->getMockForAbstractClass('PHPExcel_Reader_Abstract');
+        $expectedResult = 'FAILURE: Should throw an Exception rather than return a value';
+		$result = $reader->securityScanFile($filename);
+		$this->assertEquals($expectedResult, $result);
+	}
+
+    public function providerInvalidXML()
+    {
+        $tests = [];
+        foreach(glob('rawTestData/Reader/XEETestInvalid*.xml') as $file) {
+            $tests[] = [realpath($file), true];
+        }
+        return $tests;
+	}
+
+    /**
+     * @dataProvider providerValidXML
+     */
+	public function testValidXML($filename, $expectedResult)
+	{
+        $reader = $this->getMockForAbstractClass('PHPExcel_Reader_Abstract');
+		$result = $reader->securityScanFile($filename);
+		$this->assertEquals($expectedResult, $result);
+	}
+
+    public function providerValidXML()
+    {
+        $tests = [];
+        foreach(glob('rawTestData/Reader/XEETestValid*.xml') as $file) {
+            $tests[] = [realpath($file), file_get_contents($file)];
+        }
+        return $tests;
+	}
+
+}
diff --git a/unitTests/rawTestData/Reader/XEETestInvalidUTF-16.xml b/unitTests/rawTestData/Reader/XEETestInvalidUTF-16.xml
new file mode 100644
index 00000000..94eaedfc
Binary files /dev/null and b/unitTests/rawTestData/Reader/XEETestInvalidUTF-16.xml differ
diff --git a/unitTests/rawTestData/Reader/XEETestInvalidUTF-16BE.xml b/unitTests/rawTestData/Reader/XEETestInvalidUTF-16BE.xml
new file mode 100644
index 00000000..1d186ff4
Binary files /dev/null and b/unitTests/rawTestData/Reader/XEETestInvalidUTF-16BE.xml differ
diff --git a/unitTests/rawTestData/Reader/XEETestInvalidUTF-16LE.xml b/unitTests/rawTestData/Reader/XEETestInvalidUTF-16LE.xml
new file mode 100644
index 00000000..c3913f71
Binary files /dev/null and b/unitTests/rawTestData/Reader/XEETestInvalidUTF-16LE.xml differ
diff --git a/unitTests/rawTestData/Reader/XEETestInvalidUTF-8.xml b/unitTests/rawTestData/Reader/XEETestInvalidUTF-8.xml
new file mode 100644
index 00000000..212003fd
--- /dev/null
+++ b/unitTests/rawTestData/Reader/XEETestInvalidUTF-8.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!DOCTYPE root [
+     <!ENTITY x0 "DoS">
+]>
+
+<root>
+	test: (&x0;)
+</root>
\ No newline at end of file
diff --git a/unitTests/rawTestData/Reader/XEETestValidUTF-16.xml b/unitTests/rawTestData/Reader/XEETestValidUTF-16.xml
new file mode 100644
index 00000000..6473fe6b
Binary files /dev/null and b/unitTests/rawTestData/Reader/XEETestValidUTF-16.xml differ
diff --git a/unitTests/rawTestData/Reader/XEETestValidUTF-16BE.xml b/unitTests/rawTestData/Reader/XEETestValidUTF-16BE.xml
new file mode 100644
index 00000000..677e712f
Binary files /dev/null and b/unitTests/rawTestData/Reader/XEETestValidUTF-16BE.xml differ
diff --git a/unitTests/rawTestData/Reader/XEETestValidUTF-16LE.xml b/unitTests/rawTestData/Reader/XEETestValidUTF-16LE.xml
new file mode 100644
index 00000000..64353bfb
Binary files /dev/null and b/unitTests/rawTestData/Reader/XEETestValidUTF-16LE.xml differ
diff --git a/unitTests/rawTestData/Reader/XEETestValidUTF-8.xml b/unitTests/rawTestData/Reader/XEETestValidUTF-8.xml
new file mode 100644
index 00000000..c400ae88
--- /dev/null
+++ b/unitTests/rawTestData/Reader/XEETestValidUTF-8.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<root>
+	test: Valid
+</root>
\ No newline at end of file