LibreOffice, OpenOffice Security Vulnerabilities

Microsoft Office 2002 - Excel/Powerpoint/Word.. 10.0.2614.0 => 11.0.5612.0

Full archive at http://www.milw0rm.com/sploits/excel_03262006.rar Topic : Microsoft Office 2002 - Excel/Powerpoint/Word.. 10.0.2614.0 => 11.0.5612.0 Date : 02/12/2006 Author : posidron <[email protected]> Table of Contens Some Excel Information The XLS File Format and...

MS Office Products Array Index Bounds Error (unpatched) PoC

No description provided by...

Microsoft Office Products - Array Index Bounds Error (PoC)

Microsoft Office Products - Array Index Bounds Error...

MS Office Products Array Index Bounds Error (unpatched) PoC

Exploit for unknown platform in category dos /...

OpenOffice.org: Heap overflow in included libcurl

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheet, presentation, data charting, formula editing and file conversion facilities. libcurl, which is included in OpenOffice.org, is a free and easy-to-use client-side library for transferring files with...

[Full-disclosure] [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Microsoft Excel Named Range Arbitrary Code Execution Classification: Level: low-med-[HIGH]-crit ID: HEXVIEW200603141 URL: http://www.hexview.com/docs/20060314-1.txt References: [Originally published by fearwall on eBay] CVE: CVE-2005-4131 OVSDB: 21568.....

Ubuntu 4.10 / 5.04 : openoffice.org vulnerability (USN-121-1)

The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document....

CVE-2005-4636

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security...

wget / curl buffer overflow

Buffer overflow on client NTLM...

FreeBSD : openoffice -- DOC document heap overflow vulnerability (b206dd82-ac67-11d9-a788-0001020eed82)

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. This can allow an attacker to....

OpenOffice.org vulnerability

Releases Ubuntu 5.04 Ubuntu 4.10 Details The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the...

CVE-2005-0941

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain.....

CVE-2005-0941

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain.....

CVE-2005-0941

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain.....

remote code execution in OpenOffice_org

This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice. Solution Install the updated packages. A possible workaround is to not...

SUSE-SA:2005:025: OpenOffice_org

The remote host is missing the patch for the advisory SUSE-SA:2005:025 (OpenOffice_org). This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the...

GLSA-200504-13 : OpenOffice.Org: DOC document Heap Overflow

The remote host is affected by the vulnerability described in GLSA-200504-13 (OpenOffice.Org: DOC document Heap Overflow) AD-LAB has discovered a heap overflow in the 'StgCompObjStream::Load()' function when processing DOC documents. Impact : An attacker could design a malicious DOC document...

OpenOffice.Org: DOC document Heap Overflow

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description AD-LAB has discovered a heap overflow in the "StgCompObjStream::Load()" function when processing.....

CVE-2005-0941

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain.....

[Full-disclosure] OpenOffice DOC document Heap Overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenOffice DOC document Heap Overflow [Security Advisory] Advisory:[AD_LAB-05001] OpenOffice DOC document Heap Overflow Class: Design Error DATE:30/3/2005 CVEID:CAN-2005-0941 Vulnerable: <=OpenOffice OpenOffice 1.1.4 -OpenOffice OpenOffice...

openoffice -- DOC document heap overflow vulnerability

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. ...

OpenOffice buffer overflow

Buffer overflow on Microsoft Word files...

GLSA-200410-17 : OpenOffice.org: Temporary files disclosure

The remote host is affected by the vulnerability described in GLSA-200410-17 (OpenOffice.org: Temporary files disclosure) On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that...

CVE-2004-0752

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other...

CVE-2004-0752

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other...

CVE-2004-0752

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other...

OpenOffice.org: Temporary files disclosure

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When...

FreeBSD : openoffice -- document disclosure (131)

The following package needs to be updated:...

CVE-2004-0752

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other...

[Full-Disclosure] Secunia Research: StarOffice / OpenOffice Insecure Temporary File Creation

====================================================================== Secunia Research 13/09/2004 - StarOffice / OpenOffice Insecure Temporary File Creation - ====================================================================== Table of Contents Affected...

StarOffice/OpenOffice symbolic links vulnerability

symlink problem during temporary files...

GLSA-200405-04 : OpenOffice.org vulnerability when using DAV servers

The remote host is affected by the vulnerability described in GLSA-200405-04 (OpenOffice.org vulnerability when using DAV servers) OpenOffice.org includes code from the Neon library in functions related to publication on WebDAV servers. This library is vulnerable to several format string...

openoffice -- document disclosure

OpenOffice creates a working directory in /tmp on startup, and uses this directory to temporarily store document content. However, the permissions of the created directory may allow other user on the system to read these files, potentially exposing information the user...

OpenOffice < 2.4.1 rtl_allocateMemory Integer Overflow

The version of OpenOffice installed on the remote host reportedly contains an integer overflow vulnerability in 'rtl_allocateMemory()', a custom memory allocation function used by the application. If an attacker can trick a user on the affected system, he can leverage this issue to execute...

RHEL 3 : openoffice.org (RHSA-2004:160)

Updated OpenOffice packages that fix a vulnerability in neon exploitable by a malicious DAV server are now available. OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. OpenOffice internally uses inbuilt code from neon, an HTTP and WebDAV client...

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary...

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary...

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary...

neon format string bugs and heap overflow

Format string bugs in few...

Advisory 06/2004: libneon date parsing vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: libneon date parsing vulnerability Release Date: 2004/05/19 Last Modified: 2004/05/19 Author: Stefan Esser...

[ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gentoo Linux Security Advisory GLSA 200405-04 http://security.gentoo.org/ Severity: High Title: OpenOffice.org vulnerability when using DAV servers Date: May 11,...

OpenOffice.org vulnerability when using DAV servers

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description OpenOffice.org includes code from the Neon library in functions related to publication on WebDAV.....

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary...

(RHSA-2004:160) openoffice.org security update

OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. OpenOffice internally uses inbuilt code from neon, an HTTP and WebDAV client library. Versions of the neon client library up to and including 0.24.4 have been found to contain a number of format...

openoffice110.txt

...

OpenOffice 1.0.1 - Remote Access Denial of Service

OpenOffice 1.0.1 - Remote Access Denial of...

OpenOffice 1.0.1 - Remote Access Denial of Service

...

CVE-2002-2210

The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary...

Linux news 14.12.00

Ядро 2.2.18 Наконец-то вышло следующее стабильное ядро из ветки 2.2. Подробнее: http://www.kernel.org/pub/linux/kernel/v2.2/linux-2.2.18.log Linux Kernel 2.4.0-test12 is out Вышла новая тестовая версия ядра линух 2.4.0 Подробнее: http://dredd.crimea.edu/linuxnews/test12.txt Ядро...

Linux news 6.12.00

Linux kernel 2.4.0-test12-pre5 Вышла новая пре версия тестового ядра Linux 2.4.0-test12. В этот раз бакпортирован ymfpci драйвер из 2.2.18. Линус утверждает что этот драйвер работает даже лучше, чем в ALSA. Исправлен нехорроший баг в ext2, так же исправлена ошибка в iptables, которая проявлялась...