
Test ID: 1.3.6.1.4.1.25623.1.0.68320
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2010:221 (openoffice.org)
Summary: NOSUMMARY
Description:
The remote host is missing an update to openoffice.org
announced via advisory MDVSA-2010:221.

Multiple vulnerabilities were discovered and corrected in
OpenOffice.org:

Integer overflow allows remote attackers to execute arbitrary code
via a crafted XPM file that triggers a heap-based buffer overflow
(CVE-2009-2949).

Heap-based buffer overflow allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a crafted GIF file, related to LZW decompression (CVE-2009-2950).

Integer underflow allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
a crafted sprmTDefTable table property modifier in a Word document
(CVE-2009-3301).

A boundary error flaw allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
a crafted sprmTSetBrc table property modifier in a Word document
(CVE-2009-3302).

Visual Basic for Applications (VBA) macro security settings are not
properly enforced, which allows remote attackers to run arbitrary
macros via a crafted document (CVE-2010-0136).

User-assisted remote attackers are able to bypass Python macro
security restrictions and execute arbitrary Python code via a crafted
OpenDocument Text (ODT) file that triggers code execution when the
macro directory structure is previewed (CVE-2010-0395).

The Impress module does not properly handle integer values associated
with dictionary property items, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PowerPoint document that triggers a
heap-based buffer overflow, related to an integer truncation error
(CVE-2010-2935).

Integer overflow in Impress allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via crafted polygons in a PowerPoint document that triggers a
heap-based buffer overflow (CVE-2010-2936).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides OpenOffice.org packages that have been patched to
correct these issues, along with additional dependent packages.

Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:221

Risk factor : Critical

CVSS Score: 9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-2949
BugTraq ID: 38218
http://www.securityfocus.com/bid/38218
Cert/CC Advisory: TA10-287A
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
Debian Security Information: DSA-1995
http://www.debian.org/security/2010/dsa-1995
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10176
http://www.redhat.com/support/errata/RHSA-2010-0101.html
http://securitytracker.com/id?1023591
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/38695
http://secunia.com/advisories/38921
http://secunia.com/advisories/41818
http://secunia.com/advisories/60799
SuSE Security Announcement: SUSE-SA:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
http://www.ubuntu.com/usn/USN-903-1
http://www.vupen.com/english/advisories/2010/0366
http://www.vupen.com/english/advisories/2010/0635
http://www.vupen.com/english/advisories/2010/2905
XForce ISS Database: openoffice-xpm-bo(56236)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56236
Common Vulnerability Exposure (CVE) ID: CVE-2009-2950
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11050
XForce ISS Database: openoffice-gif-bo(56238)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56238
Common Vulnerability Exposure (CVE) ID: CVE-2009-3301
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10423
XForce ISS Database: openoffice-word-sprmtdeftable-bo(56240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56240
Common Vulnerability Exposure (CVE) ID: CVE-2009-3302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10022
XForce ISS Database: openoffice-word-sprmtsetbrc-bo(56241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56241
Common Vulnerability Exposure (CVE) ID: CVE-2010-0136
BugTraq ID: 38245
http://www.securityfocus.com/bid/38245
http://www.mail-archive.com/debian-openoffice@lists.debian.org/msg23178.html
http://securitytracker.com/id?1023588
Common Vulnerability Exposure (CVE) ID: CVE-2010-0395
Debian Security Information: DSA-2055
http://www.debian.org/security/2010/dsa-2055
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042468.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042529.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042534.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11091
http://www.redhat.com/support/errata/RHSA-2010-0459.html
http://secunia.com/advisories/40070
http://secunia.com/advisories/40084
http://secunia.com/advisories/40104
http://secunia.com/advisories/40107
SuSE Security Announcement: SUSE-SR:2010:014
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://ubuntu.com/usn/usn-949-1
http://www.vupen.com/english/advisories/2010/1350
http://www.vupen.com/english/advisories/2010/1353
http://www.vupen.com/english/advisories/2010/1366
http://www.vupen.com/english/advisories/2010/1369
Common Vulnerability Exposure (CVE) ID: CVE-2010-2935
1024352
http://www.securitytracker.com/id?1024352
1024976
http://www.securitytracker.com/id?1024976
40775
http://secunia.com/advisories/40775
41052
http://secunia.com/advisories/41052
41235
http://secunia.com/advisories/41235
42927
http://secunia.com/advisories/42927
43105
http://secunia.com/advisories/43105
60799
ADV-2010-2003
http://www.vupen.com/english/advisories/2010/2003
ADV-2010-2149
http://www.vupen.com/english/advisories/2010/2149
ADV-2010-2228
http://www.vupen.com/english/advisories/2010/2228
ADV-2010-2905
ADV-2011-0150
http://www.vupen.com/english/advisories/2011/0150
ADV-2011-0230
http://www.vupen.com/english/advisories/2011/0230
ADV-2011-0279
http://www.vupen.com/english/advisories/2011/0279
DSA-2099
http://www.debian.org/security/2010/dsa-2099
GLSA-201408-19
MDVSA-2010:221
RHSA-2010:0643
http://www.redhat.com/support/errata/RHSA-2010-0643.html
SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
USN-1056-1
http://ubuntu.com/usn/usn-1056-1
[dev] 20100806 Two exploitable OpenOffice.org bugs!
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
[oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
http://www.openwall.com/lists/oss-security/2010/08/11/1
[oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
http://www.openwall.com/lists/oss-security/2010/08/11/4
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
https://bugzilla.redhat.com/show_bug.cgi?id=622529
oval:org.mitre.oval:def:12063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
Common Vulnerability Exposure (CVE) ID: CVE-2010-2936
https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6
https://bugzilla.redhat.com/show_bug.cgi?id=622555
oval:org.mitre.oval:def:12144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144
Copyright: Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com
