LibreOffice, OpenOffice Security Vulnerabilities

OpenOffice integer overflows

Integer overflows in...

OpenOffice.org Buffer Overflow and Directory Traversal Vulnerabilities (Windows)

The host has OpenOffice installed and is prone to buffer overflow and directory traversal...

OpenOffice.org Buffer Overflow and Directory Traversal Vulnerabilities - Windows

OpenOffice is prone to buffer overflow and directory traversal...

CVE-2010-2935

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted...

CVE-2010-2936

Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer...

KLA10280 DoS vulnerability in OpenOffice.org

Multiple critical vulnerabilities have been found in OpenOffice.org. Malicious users can exploit these vulnerabilities to cause denial of service or possibly execute arbitrary code. Below is a complete list of vulnerabilities An integer overflow can be exploited remotely via specially designed...

OpenOffice RTF File Parsing Heap Buffer Overflow (CVE-2007-0245)

A buffer overflow vulnerability exists in the OpenOffice software suite. The vulnerability is due to the way OpenOffice parses specially crafted Rich Text Format (RTF) documents. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted RTF file,...

MDVA-2009:187 : desktop-common-data

Sound events for Ia_Ora sound theme were not disabled by default for some actions. This package fixes this issue and ensure OpenOffice entries are in the correct order in Office menu in desktop...

Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:035)

This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follow : An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow...

openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (openSUSE-SU-2010:0386-1)

This update of OpenOffice_org does not allow macros written in Python to be executed without permission,...

openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (openSUSE-SU-2010:0386-1)

This update of OpenOffice_org does not allow macros written in Python to be executed without permission,...

openSUSE Security Update : OpenOffice_org (openSUSE-SU-2010:0386-1)

This update of OpenOffice_org does not allow macros written in Python to be executed without permission,...

Fedora 12 : openoffice.org-3.1.1-19.26.fc12 (2010-1847)

Fri Feb 12 2010 Caolan McNamara 1:3.1.1-19.26 CVE-2009-2950 GIF file parsing heap overflow (caolanm) CVE-2009-2949 integer overflow in XPM processing (caolanm) CVE-2009-3301 .doc Table Parsing vulernability (caolanm) CVE-2009-3302 .doc Table Parsing vulernability ...

Fedora 11 : openoffice.org-3.1.1-19.12.fc11 (2010-1941)

Fri Feb 12 2010 Caolan McNamara 1:3.1.1-19.12 CVE-2009-2950 GIF file parsing heap overflow (caolanm) CVE-2009-2949 integer overflow in XPM processing (caolanm) CVE-2009-3301 .doc Table Parsing vulernability (caolanm) CVE-2009-3302 .doc Table Parsing vulernability ...

OpenOffice EMF File EMR Record Parsing Integer Overflow (CVE-2008-2238)

An integer overflow vulnerability exists in the OpenOffice software suite. The vulnerability is due to the way OpenOffice parses EMF images. A remote attacker could exploit this vulnerability by persuading a user to open a malicious EMF file, potentially causing arbitrary code to be injected and...

CVE-2010-0395

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is...

Code injection

OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is...

Oracle OpenOffice.org < 3.2.1 Multiple Vulnerabilities

The version of Oracle OpenOffice.org installed on the remote host is prior to 3.2.1. It is, therefore, affected by several issues : There is a TLS/SSL renegotiation vulnerability in the included third-party OpenSSL library. (CVE-2009-3555) There is a python scripting vulnerability that...

OpenOffice < 3.2.1 Multiple Vulnerabilities

The version of OpenOffice installed on the remote host is earlier than 3.2.1. Such version are affected by several issues : There is a TLS/SSL renegotiation vulnerability in the included third-party OpenSSL library. (CVE-2009-3555) There is a python scripting vulnerability which may lead to...

OpenOffice Fixes Bugs With 3.2.1

The OpenOffice.org development team have issued the first point update to the 3.2.x branch of their open source office suite for Windows, Mac OS, Linux and Solaris. The maintenance update addresses a number of bugs and security issues found in the previous 3.2 release, but adds no new features....

OpenOffice.org Microsoft Word File Processing Integer Underflow (CVE-2009-3301; CVE-2009-3302)

OpenOffice.org is an open source office suite that includes a word processor, a spreadsheet application, a presentation creator, an illustration drawer, a desktop database, and an equation editor. The product is made available for multiple platforms and languages. An integer underflow...

OpenOffice EMF File EMR_BITBLT Record Integer Overflow (CVE-2007-5746)

An integer overflow vulnerability exists in the OpenOffice software suite. The vulnerability is due to the way OpenOffice parses EMF images. A remote attacker could exploit this vulnerability by persuading a user to open a malicious EMF file, potentially causing arbitrary code to be injected and...

OpenOffice.org XPM File Processing Integer Overflow (CVE-2009-2949)

OpenOffice.org is an open source office suite that includes a word processor, a spreadsheet application, a presentation creator, an illustration drawer, a desktop database, and an equation editor. The product is made available for multiple platforms and languages. An integer overflow vulnerability....

Respect The Fuzzer

This image from Charlie Miller’s CanSecWest presentation (credit InfoSec Events) shows how a small home-brewed fuzzing tool found multiple exploitable vulnerabilities in Apple’s Preview, Microsoft’s PowerPoint and OpenOffice. At the Pwn2Own contest, all the vulnerabilities used in the winning...

OpenOffice Word Document Table Parsing Heap Overflow (CVE-2009-0201)

OpenOffice.org is an open source office suite. The suite includes a word processor, a spreadsheet application, a presentation creator, an illustration drawer, a desktop database, and an equation editor. The product is made available for multiple platforms and languages. A heap overflow...

OpenOffice Word Document Table Parsing Integer Underflow (CVE-2009-0200)

OpenOffice.org is an open source office suite. The suite includes a word processor, a spreadsheet application, a presentation creator, an illustration drawer, a desktop database, and an equation editor. The product is made available for multiple platforms and languages. An integer underflow...

ZipScan 2.2c Buffer Overflow

...

OpenOffice VBA Macro Restrictions Remote Security Bypass Vulnerability

Bugtraq ID:38245 CVE:CVE-2010-0136 OpenOffice is prone to a remote security-bypass vulnerability. An attacker can exploit this issue to bypass intended restrictions on macro code, which may allow the attacker to obtain sensitive information or launch further attacks. Details on this issue are not.....

Ubuntu Update for openoffice.org vulnerabilities USN-903-1

Ubuntu Update for Linux kernel vulnerabilities...

Ubuntu: Security Advisory (USN-903-1)

The remote host is missing an update for...

Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1)

It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217) Sebastian Apelt and Frank Reissner discovered that OpenOffice did not...

Debian DSA-1880-1 : openoffice.org - several vulnerabilities

Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a ...

OpenOffice.org vulnerabilities

Releases Ubuntu 9.10 Ubuntu 9.04 Ubuntu 8.10 Ubuntu 8.04 Packages openoffice.org - Details It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege...

OpenOffice Multiple Remote Code Execution Vulnerabilities - Feb10

This host has OpenOffice running which is prone to multiple remote code execution...

OpenOffice Multiple Remote Code Execution Vulnerabilities (Feb 2010)

OpenOffice is prone to multiple remote code execution...

OpenOffice VBA Macro Restrictions Remote Security Bypass Vulnerability

This host has OpenOffice running which is prone to remote security bypass...

OpenOffice VBA Macro Restrictions Remote Security Bypass Vulnerability

OpenOffice is prone to a remote security bypass...

OpenOffice Zaps Six Security Bugs

OpenOffice.org has shipped a new version of the desktop productivity suite to patch six vulnerabilities that could expose users to malicious hacker attacks. The flaws fixed in OpenOffice.org 3.2 could be exploited via GIF, XPM files and Microsoft Word document processing, according to an advisory.....

OpenOffice buffer overflow

Buffer overflow on Microsoft Word documents...

VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities

VUPEN Security Research - OpenOffice.org Word Document Handling Heap Overflow Vulnerabilities http://www.vupen.com/english/research.php I. BACKGROUND OpenOffice.org (OO.o or OOo), commonly known as OpenOffice, is an open source software application suite available for a number of different...

CVE-2009-3302

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error...

Design/Logic Flaw

filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error...

CVE-2009-2949

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer...

CVE-2009-2950

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW...

Code injection

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted...

CVE-2010-0136

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted...

Integer overflow

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer...

Heap overflow

Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW...

Integer overflow

Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word...

CVE-2010-0136

OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted...