unrtf: arbitrary code execution

2014-12-16T00:00:00
ID ASA-201412-20
Type archlinux
Reporter Arch Linux
Modified 2014-12-16T00:00:00

Description

  • CVE-2014-9274 (arbitrary code execution): A flaw allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by a file containing the string "{\cb-999999999".

  • CVE-2014-9275 (arbitrary code execution): A flaw allows remote attackers to cause a denial of service (out-of-bounds memory access and crash) and possibly execute arbitrary code via a crafted RTF file.
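
A screening check for untrusted RTF input that flags the pattern cited in the CVE-2014-9274 entry, a `\cb` control word with a negative parameter. This is an added example, not code from the advisory or from unrtf. It assumes standard RTF control-word syntax; the function name and sample inputs are constructed, and it does not attempt to recognise the crafted files of CVE-2014-9275.

```python
import re

# RTF token starting with a backslash: a control word (letters plus an optional
# signed decimal parameter), a hex escape \'hh, or a one-character control
# symbol such as \\ \{ \}. Matching symbols keeps an escaped backslash in
# document text from being misread as the start of a control word.
TOKEN = re.compile(rb"\\(?:(?P<word>[A-Za-z]+)(?P<param>-?\d+)?|'[0-9A-Fa-f]{2}|[^A-Za-z])")


def find_negative_params(data, words=(b"cb",)):
    """Return (offset, token) for each listed control word with a negative parameter.

    `words` defaults to the one control word named in the advisory; passing
    other control words is the caller's own assumption.
    """
    hits = []
    pos = 0
    while True:
        m = TOKEN.search(data, pos)
        if m is None:
            return hits
        pos = m.end()
        word, param = m.group("word"), m.group("param")
        if word is None:
            continue  # control symbol or hex escape
        if word == b"bin" and param is not None and int(param) > 0:
            # \binN is followed by one delimiter space and N raw bytes,
            # which must be skipped rather than tokenized.
            if data[pos:pos + 1] == b" ":
                pos += 1
            pos += int(param)
            continue
        if word in words and param is not None and int(param) < 0:
            hits.append((m.start(), m.group(0).decode("ascii")))


# Constructed sample inputs.
BENIGN = rb"{\rtf1\ansi{\colortbl;\red255\green0\blue0;}\cb1 plain text}"
ESCAPED = rb"{\rtf1 a literal \\cb-1 in text}"   # escaped backslash, not a control word
IN_BINARY = rb"{\rtf1\bin7 \cb-1xx}"             # 7 raw bytes after \bin7
SUSPECT = rb"{\rtf1{\cb-999999999 x}}"           # string quoted in the advisory

if __name__ == "__main__":
    for name, sample in [("benign", BENIGN), ("escaped", ESCAPED),
                         ("in_binary", IN_BINARY), ("suspect", SUSPECT)]:
        print(name, find_negative_params(sample))
```

A hit is a reason to quarantine the file before conversion; an empty result does not show that a file is safe for an unpatched unrtf.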