
Test ID: 1.3.6.1.4.1.25623.1.0.800167
Category: Buffer overflow
Title: OpenOffice Multiple Remote Code Execution Vulnerabilities (Feb 2010)
Summary: OpenOffice is prone to multiple remote code execution vulnerabilities.
Description:

Summary:
OpenOffice is prone to multiple remote code execution vulnerabilities.

Vulnerability Insight:
- GIF files: the GIFLZWDecompressor::GIFLZWDecompressor function in
filter.vcl/lgif/decode.cxx, leading to a heap overflow.

- XPM files: the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx,
leading to an integer overflow.

- Microsoft Word documents: filter/ww8/ww8par2.cxx, leading to an application
crash or arbitrary code execution via a crafted sprmTSetBrc table property
in a Word document.

Vulnerability Impact:
Successful exploitation lets attackers cause a denial of service
or execute arbitrary code.

Affected Software/OS:
OpenOffice.org versions prior to 3.2

Solution:
Upgrade to OpenOffice.org version 3.2 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2009-2949
BugTraq ID: 38218
http://www.securityfocus.com/bid/38218
Cert/CC Advisory: TA10-287A
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
Debian Security Information: DSA-1995
http://www.debian.org/security/2010/dsa-1995
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10176
http://www.redhat.com/support/errata/RHSA-2010-0101.html
http://securitytracker.com/id?1023591
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/38695
http://secunia.com/advisories/38921
http://secunia.com/advisories/41818
http://secunia.com/advisories/60799
SuSE Security Announcement: SUSE-SA:2010:017
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
http://www.ubuntu.com/usn/USN-903-1
http://www.vupen.com/english/advisories/2010/0366
http://www.vupen.com/english/advisories/2010/0635
http://www.vupen.com/english/advisories/2010/2905
XForce ISS Database: openoffice-xpm-bo(56236)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56236
Common Vulnerability Exposure (CVE) ID: CVE-2009-2950
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11050
XForce ISS Database: openoffice-gif-bo(56238)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56238
Common Vulnerability Exposure (CVE) ID: CVE-2009-3301
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10423
XForce ISS Database: openoffice-word-sprmtdeftable-bo(56240)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56240
Common Vulnerability Exposure (CVE) ID: CVE-2009-3302
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10022
XForce ISS Database: openoffice-word-sprmtsetbrc-bo(56241)
https://exchange.xforce.ibmcloud.com/vulnerabilities/56241
Copyright: Copyright (C) 2010 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.