English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.67895
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2010:0643
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2010:0643.

OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An integer truncation error, leading to a heap-based buffer overflow, was
found in the way the OpenOffice.org Impress presentation application
sanitized a file's dictionary property items. An attacker could use this
flaw to create a specially-crafted Microsoft Office PowerPoint file that,
when opened, would cause OpenOffice.org Impress to crash or, possibly,
execute arbitrary code with the privileges of the user running
OpenOffice.org Impress. (CVE-2010-2935)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way OpenOffice.org Impress processed polygons in input
documents. An attacker could use this flaw to create a specially-crafted
Microsoft Office PowerPoint file that, when opened, would cause
OpenOffice.org Impress to crash or, possibly, execute arbitrary code with
the privileges of the user running OpenOffice.org Impress. (CVE-2010-2936)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. For Red
Hat Enterprise Linux 3, this erratum provides updated openoffice.org
packages. For Red Hat Enterprise Linux 4, this erratum provides updated
openoffice.org and openoffice.org2 packages. All running instances of
OpenOffice.org applications must be restarted for this update to take
effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2010-0643.html
http://www.redhat.com/security/updates/classification/#important

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-2935
1024352
http://www.securitytracker.com/id?1024352
1024976
http://www.securitytracker.com/id?1024976
40775
http://secunia.com/advisories/40775
41052
http://secunia.com/advisories/41052
41235
http://secunia.com/advisories/41235
42927
http://secunia.com/advisories/42927
43105
http://secunia.com/advisories/43105
60799
http://secunia.com/advisories/60799
ADV-2010-2003
http://www.vupen.com/english/advisories/2010/2003
ADV-2010-2149
http://www.vupen.com/english/advisories/2010/2149
ADV-2010-2228
http://www.vupen.com/english/advisories/2010/2228
ADV-2010-2905
http://www.vupen.com/english/advisories/2010/2905
ADV-2011-0150
http://www.vupen.com/english/advisories/2011/0150
ADV-2011-0230
http://www.vupen.com/english/advisories/2011/0230
ADV-2011-0279
http://www.vupen.com/english/advisories/2011/0279
DSA-2099
http://www.debian.org/security/2010/dsa-2099
GLSA-201408-19
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
MDVSA-2010:221
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
RHSA-2010:0643
http://www.redhat.com/support/errata/RHSA-2010-0643.html
SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
USN-1056-1
http://ubuntu.com/usn/usn-1056-1
[dev] 20100806 Two exploitable OpenOffice.org bugs!
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
[oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
http://www.openwall.com/lists/oss-security/2010/08/11/1
[oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
http://www.openwall.com/lists/oss-security/2010/08/11/4
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
https://bugzilla.redhat.com/show_bug.cgi?id=622529
oval:org.mitre.oval:def:12063
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
Common Vulnerability Exposure (CVE) ID: CVE-2010-2936
https://bugzilla.redhat.com/show_bug.cgi?id=622529#c6
https://bugzilla.redhat.com/show_bug.cgi?id=622555
oval:org.mitre.oval:def:12144
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144
CopyrightCopyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.