218 matches found
CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Advisory Name: libraptor - XXE in RDF/XML File Interpretation Release Date: 2012-03-24 Applications: libraptor / librdf...
FreeBSD : raptor/raptor2 -- XXE in RDF/XML File Interpretation (60f81af3-7690-11e1-9423-00235a5f2c9a)
Timothy D. Morgan reports : In December 2011, VSR identified a vulnerability in multiple open source office products including OpenOffice, LibreOffice, KOffice, and AbiWord due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability w...
OpenOffice ODF文档信息泄露漏洞
Bugtraq ID: 52681 CVE ID:CVE-2012-0037 OpenOffice是一款开放源代码的文字处理系统 OpenOffice.org存在一个XML外部实体攻击,处理ODF文档中某些XML组件中的外部实体时存在漏洞,通过构建外部实体引用其他本地文件系统资源,攻击者可以无需用户交互把本地内容注入到ODF文档中,导致信息泄露 0 OpenOffice 3.4 Beta OpenOffice 3.3 厂商解决方案 用户可参考如下供应商提供的安全公告获得补丁信息:...
CVE-2010-4643
Heap-based buffer overflow in Impress in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Truevision TGA TARGA file in an ODF or Microsoft Office document...
Heap overflow
Heap-based buffer overflow in Impress in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Truevision TGA TARGA file in an ODF or Microsoft Office document...
CVE-2010-4643
Heap-based buffer overflow in Impress in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Truevision TGA TARGA file in an ODF or Microsoft Office document...
CVE-2010-4253
CVE-2010-4253 is confirmed in OpenOffice/OpenOffice Impress. The vulnerability is a heap-based buffer overflow in Impress of OpenOffice.org 2.x and 3.x (before 3.3) triggered by a crafted PNG inside an ODF or Microsoft Office document (e.g., PowerPoint), leading to a remote crash or possible arbi...
CVE-2010-4643
OpenOffice.org/OpenOffice.org Impress (2.x–3.x) contains a heap-based buffer overflow in the TGA (Truevision TGA) image handling that can be triggered by a crafted TGA file embedded in ODF or Office documents, potentially causing crashes or arbitrary code execution. The CVE is referenced across m...
CVE-2010-4253
Heap-based buffer overflow in Impress in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint aka PPT...
OpenOffice.org: heap based buffer overflow when parsing TGA files
Heap-based buffer overflow in Impress in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Truevision TGA TARGA file in an ODF or Microsoft Office document...
CVE-2010-4643
Heap-based buffer overflow in Impress in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted Truevision TGA TARGA file in an ODF or Microsoft Office document...
PT-2011-1224 · Oracle +3 · Openoffice.Org +3
Name of the Vulnerable Software and Affected Versions: OpenOffice.org OOo versions 2.x through 3.x before 3.3 Description: The issue is related to a heap-based buffer overflow in Impress, which can be triggered by a crafted PNG file in an ODF or Microsoft Office document. This can cause a denial ...
CVE-2010-4253
Heap-based buffer overflow in Impress in OpenOffice.org OOo 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint aka PPT...
SA-CONTRIB-2010-012 - ODF Import - Access Bypass (possible Cross Site Scripting)
ODF Import module enables users of a Drupal site to import content created in the ODF format e.g. using OpenOffice.org. When importing content it always used an input format which might not be available to the user importing the content leading to a cross-site scripting XSS vulnerability. Such an...
OpenOffice < 2.4 Multiple Vulnerabilities
Binary data 4474.prm...
Sun OpenOffice.org < 2.4 Multiple Vulnerabilities
The version of Sun Microsystems OpenOffice.org installed on the remote host is affected by several issues : - Heap overflow and arbitrary code execution vulnerabilities involving ODF text documents with XForms CVE-2007-4770/4771. - Heap overflow and arbitrary code execution vulnerabilities...
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2652)
Following security problems were fixed in OpenOfficeorg : CVE-2007-0002: Various problems were fixed in the Wordperfect converter library libwpd in OpenOfficeorg which could be used by remote attackers to potentially execute code or crash OpenOfficeorg. CVE-2007-0238: A stack overflow in the...
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2682)
Following security problems were fixed in OpenOfficeorg : This update also brings OpenOfficeorg to version 2.0.4.17, same as SUSE Linux Enterprise Desktop 10 and contains lots of bugfixes. CVE-2007-0002: Various problems were fixed in the Wordperfect converter library libwpd in OpenOfficeorg whic...