English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 76783 CVE descriptions
and 40246 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.800167
Category:Buffer overflow
Title:OpenOffice Multiple Remote Code Execution Vulnerabilities - Feb10
Summary:Check for the version of OpenOffice
Description:
Overview: This host has OpenOffice running which is prone to multiple
remote code execution vulnerabilities.

Vulnerability Insight:
- GIF Files in GIFLZWDecompressor:: GIFLZWDecompressor function in
filter.vcl/lgif/decode.cxx leading to heap overflow.
- XPM files in XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx
leading to an integer overflow.
- Microsoft Word document in filter/ww8/ww8par2.cxx leading to application
crash or execute arbitrary code via crafted sprmTSetBrc table property
in a Word document.

Impact:
Successful exploitation lets the attackers to cause a denial of service
or execute arbitrary code.

Impact Level: Application/System

Affected Software/OS:
OpenOffice.org versions prior to 3.2

Fix:
Upgrade to OpenOffice.org version 3.2 or later,
http://download.openoffice.org/index.html

References:
http://secunia.com/advisories/38568
http://xforce.iss.net/xforce/xfdb/56236
http://xforce.iss.net/xforce/xfdb/56238
http://xforce.iss.net/xforce/xfdb/56240
http://xforce.iss.net/xforce/xfdb/56241
http://www.vupen.com/english/advisories/2010/0366
Cross-Ref: BugTraq ID: 38218
Common Vulnerability Exposure (CVE) ID: CVE-2009-2949
Debian Security Information: DSA-1995 (Google Search)
http://www.debian.org/security/2010/dsa-1995
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
http://www.redhat.com/support/errata/RHSA-2010-0101.html
SuSE Security Announcement: SUSE-SA:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
http://www.ubuntu.com/usn/USN-903-1
Cert/CC Advisory: TA10-287A
http://www.us-cert.gov/cas/techalerts/TA10-287A.html
http://www.securityfocus.com/bid/38218
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10176
http://securitytracker.com/id?1023591
http://secunia.com/advisories/38567
http://secunia.com/advisories/38568
http://secunia.com/advisories/38695
http://secunia.com/advisories/38921
http://secunia.com/advisories/60799
http://secunia.com/advisories/41818
http://www.vupen.com/english/advisories/2010/0366
http://www.vupen.com/english/advisories/2010/0635
http://www.vupen.com/english/advisories/2010/2905
XForce ISS Database: openoffice-xpm-bo(56236)
http://xforce.iss.net/xforce/xfdb/56236
Common Vulnerability Exposure (CVE) ID: CVE-2009-2950
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11050
XForce ISS Database: openoffice-gif-bo(56238)
http://xforce.iss.net/xforce/xfdb/56238
Common Vulnerability Exposure (CVE) ID: CVE-2009-3301
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10423
XForce ISS Database: openoffice-word-sprmtdeftable-bo(56240)
http://xforce.iss.net/xforce/xfdb/56240
Common Vulnerability Exposure (CVE) ID: CVE-2009-3302
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10022
XForce ISS Database: openoffice-word-sprmtsetbrc-bo(56241)
http://xforce.iss.net/xforce/xfdb/56241
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.