Microsoft Graphics Component Memory Corruption (MS16-099: CVE-2016-3318; CVE-2017-8510)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office handles objects in memory while parsing specially crafted RTF files. A remote attacker can exploit this issue by enticing a user to open a specially crafted file and ...

Microsoft Office Word RTF JPEG Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

[SECURITY] [DLA 581-1] libreoffice security update

Package : libreoffice Version : 1:3.5.4+dfsg2-0+deb7u7 CVE ID : CVE-2016-4324 Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened. For Debian 7 "Wheezy", these problems have...

DLA-581-1 libreoffice - security update

Bulletin has no description...

FreeBSD : libreoffice -- use-after-free vulnerability (3159cd70-4aaa-11e6-a7bd-14dae9d210b8)

Talos reports : An exploitable Use After Free vulnerability exists in the RTF parser LibreOffice. A specially crafted file can cause a use after free resulting in a possible arbitrary code execution. To exploit the vulnerability a malicious file needs to be opened by the user via vulnerable...

KLA10842 Multiple code execution vulnerabilities in Microsoft Office

An improper memory objects handling and XLA files handling were found in Microsoft Office. By exploiting these vulnerabilities malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via a specially designed files. Technical details To mitigate some of these...

Design/Logic Flaw

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...

CVE-2016-4324

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...

DEBIAN-CVE-2016-4324

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...

CVE-2016-4324

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...

Updated libreoffice packages fix security vulnerability

Updated libreoffice packages fix security vulnerability: Parsing the Rich Text Format character style index was insufficiently checked for validity. Documents can be constructed which dereference an iterator to the first entry of an empty STL container CVE-2016-4324...

CVE-2016-4324

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...

CVE-2016-4324

CVE-2016-4324 : A use-after-free vulnerability exists in the LibreOffice RTF parser, triggered by parsing crafted RTF files containing a specific combination of stylesheet and superscript tokens. Exploitation could allow arbitrary code execution. Public technical details in connected documents co...

CVE-2016-4324

Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote attackers to execute arbitrary code via a crafted RTF file, related to stylesheet and superscript tokens...

LibreOffice RTF parser Use After Free (CVE-2016-4324)

A use-after-free vulnerability exists in the RTF parser of the LibreOffice office suite. The vulnerability is due to invalid parsing of stylesheets in RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on th...

libreoffice-fresh: arbitrary code execution

A use after free vulnerability was found in the RTF parser of LibreOffice. The vulnerability lies in the parsing of documents containing both stylesheet and superscript tokens. A specially crafted RTF document containing both a stylesheet and superscript element causes LibreOffice to access an...

Ubuntu: Security Advisory (USN-3022-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3608-1 : libreoffice - security update

Aleksandar Nikolic discovered that missing input sanitising in the RTF parser in Libreoffice may result in the execution of arbitrary code if a malformed documented is opened. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

Ubuntu 16.04 LTS : LibreOffice vulnerability (USN-3022-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3022-1 advisory. It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker...

USN-3022-1: LibreOffice vulnerability

It was discovered that LibreOffice incorrectly handled RTF document files. If a user were tricked into opening a specially crafted RTF document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code...