Lucene search

K

[email protected]NVD:CVE-2012-1149

HistoryJun 21, 2012 - 3:55 p.m.

CVE-2012-1149

2012-06-2115:55:11

CWE-189

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Affected configurations

NVD

Node

libreofficelibreofficeRange≤3.5.2

Node

debiandebian_linuxMatch6.0

OR

debiandebian_linuxMatch7.0

Node

redhatenterprise_linuxMatch5.0

OR

redhatenterprise_linux_desktopMatch5.0

OR

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_server_ausMatch6.2

OR

redhatenterprise_linux_server_eusMatch6.2.z

OR

redhatenterprise_linux_workstationMatch6.0

Node

apacheopenoffice.orgMatch3.3.0

OR

apacheopenoffice.orgMatch3.4beta

Node

fedoraprojectfedoraMatch15

OR

fedoraprojectfedoraMatch16

References

archives.neohapsis.com/archives/bugtraq/2012-05/0089.html

lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html

lists.fedoraproject.org/pipermail/package-announce/2012-May/081319.html

rhn.redhat.com/errata/RHSA-2012-0705.html

secunia.com/advisories/46992

secunia.com/advisories/47244

secunia.com/advisories/49140

secunia.com/advisories/49373

secunia.com/advisories/49392

secunia.com/advisories/50692

secunia.com/advisories/60799

security.gentoo.org/glsa/glsa-201209-05.xml

securitytracker.com/id?1027068

www.debian.org/security/2012/dsa-2473

www.debian.org/security/2012/dsa-2487

www.gentoo.org/security/en/glsa/glsa-201408-19.xml

www.libreoffice.org/advisories/cve-2012-1149/

www.mandriva.com/security/advisories?name=MDVSA-2012:090

www.mandriva.com/security/advisories?name=MDVSA-2012:091

www.openoffice.org/security/cves/CVE-2012-1149.html

www.osvdb.org/81988

www.securityfocus.com/bid/53570

exchange.xforce.ibmcloud.com/vulnerabilities/75692

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.047 Low

EPSS

Percentile

92.7%

Related for NVD:CVE-2012-1149

nessus18 openvas32 fedora3 ubuntucve1 debiancve1 securityvulns2 prion1 cvelist1 debian5 cve1 oraclelinux1 centos1 osv1 redhat1 ubuntu2 gentoo2