FreeBSD Local Security Checks : openoffice -- DOC document heap overflow vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52138

Categoría: FreeBSD Local Security Checks

Título: openoffice -- DOC document heap overflow vulnerability

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

openoffice, ar-openoffice, ca-openoffice, cs-openoffice, de-openoffice,
dk-openoffice, el-openoffice, es-openoffice, et-openoffice, fi-openoffice,
fr-openoffice, gr-openoffice, hu-openoffice, it-openoffice, ja-openoffice,
ko-openoffice, nl-openoffice, pl-openoffice, pt-openoffice, pt_BR-openoffice,
ru-openoffice, se-openoffice, sk-openoffice, sl-openoffice-SI, tr-openoffice,
zh-openoffice-CN, zh-openoffice-TW, jp-openoffice, kr-openoffice, sl-openoffice-SL,
zh-openoffice, zh_TW-openoffice

CVE-2005-0941
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4
and earlier allocates memory based on 16 bit length values, but
process memory using 32 bit values, which allows remote attackers to
cause a denial of service and possibly execute arbitrary code via a
DOC document with certain length values, which leads to a heap-based
buffer overflow.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0941
BugTraq ID: 13092
http://www.securityfocus.com/bid/13092
Bugtraq: 20050412 OpenOffice DOC document Heap Overflow (Google Search)
http://www.securityfocus.com/archive/1/395516
http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9106
http://www.redhat.com/support/errata/RHSA-2005-375.html
http://secunia.com/advisories/17027
SuSE Security Announcement: SUSE-SR:2005:021 (Google Search)
http://www.novell.com/linux/security/advisories/2005_21_sr.html

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52138
Categoría:	FreeBSD Local Security Checks
Título:	openoffice -- DOC document heap overflow vulnerability
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: openoffice, ar-openoffice, ca-openoffice, cs-openoffice, de-openoffice, dk-openoffice, el-openoffice, es-openoffice, et-openoffice, fi-openoffice, fr-openoffice, gr-openoffice, hu-openoffice, it-openoffice, ja-openoffice, ko-openoffice, nl-openoffice, pl-openoffice, pt-openoffice, pt_BR-openoffice, ru-openoffice, se-openoffice, sk-openoffice, sl-openoffice-SI, tr-openoffice, zh-openoffice-CN, zh-openoffice-TW, jp-openoffice, kr-openoffice, sl-openoffice-SL, zh-openoffice, zh_TW-openoffice CVE-2005-0941 The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0941 BugTraq ID: 13092 http://www.securityfocus.com/bid/13092 Bugtraq: 20050412 OpenOffice DOC document Heap Overflow (Google Search) http://www.securityfocus.com/archive/1/395516 http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9106 http://www.redhat.com/support/errata/RHSA-2005-375.html http://secunia.com/advisories/17027 SuSE Security Announcement: SUSE-SR:2005:021 (Google Search) http://www.novell.com/linux/security/advisories/2005_21_sr.html
Copyright	Copyright (C) 2008 E-Soft Inc.