Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200704-12
HistoryApr 16, 2007 - 12:00 a.m.

OpenOffice.org: Multiple vulnerabilities

2007-04-1600:00:00
Gentoo Foundation
security.gentoo.org
13

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.55 Medium

EPSS

Percentile

97.6%

JSON

Background

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

Description

John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCalc parser and an input validation error when processing metacharacters in a link. Also OpenOffice.Org includes code from libwpd making it vulnerable to heap-based overflows when converting WordPerfect document tables (GLSA 200704-07).

Impact

A remote attacker could entice a user to open a specially crafted document, possibly leading to execution of arbitrary code with the rights of the user running OpenOffice.org.

Workaround

There is no known workaround at this time.

Resolution

All OpenOffice.org users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.1.0-r1"

All OpenOffice.org binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.2.0"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-office/openoffice< 2.1.0-r1UNKNOWN
Gentooanyallapp-office/openoffice-bin< 2.2.0UNKNOWN

Related

openvas 33
debian 3
nessus 41
osv 1
suse 1
oraclelinux 1
securityvulns 4
fedora 5
ubuntu 2
redhat 3
centos 1
cve 4
prion 4
ubuntucve 4
checkpoint_advisories 1
debiancve 2
gentoo 1
openvas
openvas
Debian Security Advisory DSA 1270-2 (openoffice.org)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200704-12 (OpenOffice.org)
2008-09-24 00:00:00
Debian Security Advisory DSA 1270-1 (openoffice.org)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities
2007-03-28 18:03:13
[SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities
2007-03-20 19:40:03
[SECURITY] [DSA 1268-1] New libwpd packages fix arbitrary code execution
2007-03-17 19:13:41
nessus
nessus
Debian DSA-1270-2 : openoffice.org - several vulnerabilities
2007-03-26 00:00:00
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2682)
2007-10-17 00:00:00
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 2651)
2007-12-13 00:00:00
osv
osv
openoffice.org - several vulnerabilities
2007-03-20 00:00:00
suse
suse
remote code execution in OpenOffice_org,libwpd
2007-03-21 11:37:17
oraclelinux
oraclelinux
Important: openoffice.org security update
2007-03-22 00:00:00
securityvulns
securityvulns
Multiple OpenOffice security vulnerabilities
2007-04-05 00:00:00
High Risk Vulnerability in OpenOffice
2007-04-05 00:00:00
iDefense Security Advisory 03.16.07: Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities
2007-03-17 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: openoffice.org-2.0.4-5.5.17
2007-03-27 16:20:47
[SECURITY] Fedora Core 5 Update: openoffice.org-2.0.2-5.21.2
2007-03-27 16:13:18
[SECURITY] Fedora Core 5 Update: libwpd-0.8.9-1.fc5
2007-03-19 22:59:38
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2007-03-27 00:00:00
libwpd vulnerability
2007-03-19 00:00:00
redhat
redhat
(RHSA-2007:0069) Important: openoffice.org security update
2007-03-22 00:00:00
(RHSA-2007:0033) Important: openoffice.org security update
2007-03-22 00:00:00
(RHSA-2007:0055) Important: libwpd security update
2007-03-16 00:00:00
centos
centos
openoffice.org security update
2007-03-23 11:51:20
cve
cve
CVE-2007-0239
2007-03-21 19:19:00
CVE-2007-0238
2007-03-21 19:19:00
CVE-2007-1466
2007-03-16 21:19:00
prion
prion
Code injection
2007-03-21 19:19:00
Stack overflow
2007-03-21 19:19:00
Integer overflow
2007-03-16 21:19:00
ubuntucve
ubuntucve
CVE-2007-0239
2007-03-21 00:00:00
CVE-2007-0238
2007-03-21 00:00:00
CVE-2007-0002
2007-03-16 00:00:00
checkpoint_advisories
checkpoint_advisories
WordPerfect Multiple Vendor libwpd WP3TablesGroup Heap Overflow (CVE-2007-0002)
2009-10-05 00:00:00
debiancve
debiancve
CVE-2007-0002
2007-03-16 21:19:00
CVE-2007-1466
2007-03-16 21:19:00
gentoo
gentoo
libwpd: Multiple vulnerabilities
2007-04-06 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.55 Medium

EPSS

Percentile

97.6%

JSON
Related for GLSA-200704-12
openvas33debian3nessus41osv1suse1oraclelinux1securityvulns4fedora5ubuntu2redhat3centos1cve4prion4ubuntucve4checkpoint_advisories1debiancve2gentoo1