
Test ID: 1.3.6.1.4.1.25623.1.0.902283
Category: General
Title: OpenOffice.org Buffer Overflow and Directory Traversal Vulnerabilities (Windows)
Summary: The host has OpenOffice installed and is prone to buffer overflow and directory traversal vulnerabilities.
Description:

Vulnerability Insight:
Multiple flaws are due to:

- A buffer overflow error when processing malformed TGA files and PNG files

- A memory corruption error within the 'WW8ListManager::WW8ListManager()'
and 'WW8DopTypography::ReadFromMem()' functions when processing malformed
data

- A memory corruption error when processing malformed RTF data

- A directory traversal error related to 'zip/jar' package extraction

- A buffer overflow error when processing malformed PPT files

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code in the context of the application. Failed exploit attempts will crash
the application.

Affected Software/OS:
OpenOffice Version 2.x and 3.x to 3.2.0 on Windows.

Solution:
Upgrade to OpenOffice Version 3.3.0 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 46031
Common Vulnerability Exposure (CVE) ID: CVE-2010-3450
http://www.securityfocus.com/bid/46031
Debian Security Information: DSA-2151
http://www.debian.org/security/2011/dsa-2151
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
http://osvdb.org/70711
http://www.redhat.com/support/errata/RHSA-2011-0181.html
http://www.redhat.com/support/errata/RHSA-2011-0182.html
http://www.securitytracker.com/id?1025002
http://secunia.com/advisories/40775
http://secunia.com/advisories/42999
http://secunia.com/advisories/43065
http://secunia.com/advisories/43105
http://secunia.com/advisories/43118
http://secunia.com/advisories/60799
http://ubuntu.com/usn/usn-1056-1
http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2011/0232
http://www.vupen.com/english/advisories/2011/0279
Common Vulnerability Exposure (CVE) ID: CVE-2010-3451
http://www.cs.brown.edu/people/drosenbe/research.html
http://www.vsecurity.com/resources/advisory/20110126-1
http://osvdb.org/70712
XForce ISS Database: ooo-rtf-ce(65030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65030
Common Vulnerability Exposure (CVE) ID: CVE-2010-3452
http://osvdb.org/70713
XForce ISS Database: ooo-oowriter-ce(65031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Common Vulnerability Exposure (CVE) ID: CVE-2010-3453
http://osvdb.org/70714
Common Vulnerability Exposure (CVE) ID: CVE-2010-3454
http://osvdb.org/70715
Common Vulnerability Exposure (CVE) ID: CVE-2010-4253
http://osvdb.org/70717
Common Vulnerability Exposure (CVE) ID: CVE-2010-4643
http://osvdb.org/70718
XForce ISS Database: ooo-tga-bo(65441)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65441
Copyright: Copyright (C) 2010 Greenbone Networks GmbH
