Buffer overflow : OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800696

Categoría: Buffer overflow

Título: OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability - Windows

Resumen: OpenOffice is prone to a buffer overflow vulnerability.

Descripción: Summary:
OpenOffice is prone to a buffer overflow vulnerability.

Vulnerability Insight:
- An integer underflow error occurs when parsing certain records in a
Word document table.

- An heap overflow error occurs when parsing certain records in a Word
document when opening a malicious Word document.

Vulnerability Impact:
Successful remote exploitation could result in arbitrary code execution on
the affected system which leads to application crash and compromise a
vulnerable system.

Affected Software/OS:
OpenOffice Version prior to 3.1.1 on Windows.

Solution:
Upgrade to OpenOffice Version 3.1.1 or later

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0200
BugTraq ID: 36200
http://www.securityfocus.com/bid/36200
Bugtraq: 20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow (Google Search)
http://www.securityfocus.com/archive/1/506194/100/0/threaded
Debian Security Information: DSA-1880 (Google Search)
http://www.debian.org/security/2009/dsa-1880
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:035
http://www.mandriva.com/security/advisories?name=MDVSA-2010:091
http://www.mandriva.com/security/advisories?name=MDVSA-2010:105
http://development.openoffice.org/releases/3.1.1.html
http://secunia.com/secunia_research/2009-26/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881
http://secunia.com/advisories/35036
http://secunia.com/advisories/36750
http://secunia.com/advisories/60799
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1
SuSE Security Announcement: SUSE-SR:2009:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.vupen.com/english/advisories/2009/2490
Common Vulnerability Exposure (CVE) ID: CVE-2009-0201
Bugtraq: 20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow (Google Search)
http://www.securityfocus.com/archive/1/506195/100/0/threaded
http://secunia.com/secunia_research/2009-27/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10726
http://www.securitytracker.com/id?1022798

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800696
Categoría:	Buffer overflow
Título:	OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability - Windows
Resumen:	OpenOffice is prone to a buffer overflow vulnerability.
Descripción:	Summary: OpenOffice is prone to a buffer overflow vulnerability. Vulnerability Insight: - An integer underflow error occurs when parsing certain records in a Word document table. - An heap overflow error occurs when parsing certain records in a Word document when opening a malicious Word document. Vulnerability Impact: Successful remote exploitation could result in arbitrary code execution on the affected system which leads to application crash and compromise a vulnerable system. Affected Software/OS: OpenOffice Version prior to 3.1.1 on Windows. Solution: Upgrade to OpenOffice Version 3.1.1 or later CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0200 BugTraq ID: 36200 http://www.securityfocus.com/bid/36200 Bugtraq: 20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow (Google Search) http://www.securityfocus.com/archive/1/506194/100/0/threaded Debian Security Information: DSA-1880 (Google Search) http://www.debian.org/security/2009/dsa-1880 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:035 http://www.mandriva.com/security/advisories?name=MDVSA-2010:091 http://www.mandriva.com/security/advisories?name=MDVSA-2010:105 http://development.openoffice.org/releases/3.1.1.html http://secunia.com/secunia_research/2009-26/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881 http://secunia.com/advisories/35036 http://secunia.com/advisories/36750 http://secunia.com/advisories/60799 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1 SuSE Security Announcement: SUSE-SR:2009:015 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://www.vupen.com/english/advisories/2009/2490 Common Vulnerability Exposure (CVE) ID: CVE-2009-0201 Bugtraq: 20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Buffer Overflow (Google Search) http://www.securityfocus.com/archive/1/506195/100/0/threaded http://secunia.com/secunia_research/2009-27/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10726 http://www.securitytracker.com/id?1022798
Copyright	Copyright (C) 2009 Greenbone AG