ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability

ZDI-08-023: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-023 August 14, 2007 -- CVE ID: CVE-2008-1091 -- Affected Vendors: Microsoft -- Affected Products: Microsoft Office Excel Microsoft Office Word -- TippingPointTM IPS...

Microsoft Word multiple security vulnerabilities

Memory coruption on RTF parsing, memory corruption on CSS parsing...

Heap overflow

Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format .rtf file with a malformed string that triggers a "memory calculation error" and a heap-based...

Microsoft Word RTF File Handling Memory Corruption (MS08-026; CVE-2008-1091)

A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to a memory calculation error in Microsoft Word that fails to properly handle specially crafted Rich Text Format .rtf files. A remote attacker could trigger this flaw by convincing a victim to op...

Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability

Description Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in use...

Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page, open a malicious email, or open a malicious file. The specific flaw exis...

Microsoft Office .WPS File Stack Overflow Exploit (MS08-011)

No description provided by source. / Copyright c 2008 chujwamwdupe - pumpernikiel.c one day in teletubby land... an email from idefense: "Unfortunately, Microsoft has refused to credit you using the name you requested." ...what's wrong with 'chujwamwdupe', eh? Description:...

Microsoft Office 2003 - '.wps' Local Stack Overflow (MS08-011)

/ Copyright c 2008 chujwamwdupe - pumpernikiel.c one day in teletubby land... an email from idefense: "Unfortunately, Microsoft has refused to credit you using the name you requested." ...what's wrong with 'chujwamwdupe', eh? Description: A vulnerability exists in WPS to RTF convert filter that i...

Debian Security Advisory DSA 1307-1 (openoffice.org)

The remote host is missing an update to openoffice.org announced via advisory DSA 1307-1. OpenVAS Vulnerability Test $Id: deb13071.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1307-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Debian Security Advisory DSA 894-1 (abiword)

The remote host is missing an update to abiword announced via advisory DSA 894-1. Chris Evans discoverd several buffer overflows in the RTF import mechanism of AbiWord, a WYSIWYG word processor based on GTK 2. Opening a specially crafted RTF file could lead to the execution of arbitrary code. For...

Debian: Security Advisory (DSA-894-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1307-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 3761)

This update of OpenOfficeorg fixes a heap-overflow in the RTF parser and additional non-security bugs. CVE-2007-0245 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

Fedora 7 : openoffice.org-2.2.0-14.11 (2007-0410)

This update fixes a possible buffer overrun in hand-crafted rtf files that use the custom /prtdata tag. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much a...

Fedora 7 : clamav-0.91.2-2.fc7 (2007-2050)

Sat Aug 25 2007 Enrico Scholz - 0.91.2-2 - fixed an open2 issue - Sat Aug 25 2007 Enrico Scholz - 0.91.2-1 - updated to 0.91.2 SECURITY : - CVE-2007-4510 DOS in RTF parser - DOS in html normalizer - arbitrary command execution by special crafted recipients in clamav-milter's black-hole mode Note...

openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-3626)

This update of OpenOfficeorg fixes a heap-overflow in the RTF parser and additional non-security bugs. CVE-2007-0245 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update OpenOfficeorg-3626. The tex...

openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-3530)

This update of OpenOfficeorg fixes a heap-overflow in the RTF parser and additional non-security bugs. CVE-2007-0245 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update OpenOfficeorg-3530. The tex...

ClamAV antivirus multiple security vulnerabilities

DoS on RTF and HTML parsing...

Debian DSA-1366-1 : clamav - several vulnerabilities

Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-4510 It was discovered that the RTF and RFC2397 parsers can be tricked into dereferencing a NULL pointer, resulting i...

Mandrake Linux Security Advisory : clamav (MDKSA-2007:172)

A vulnerability in ClamAV was discovered that could allow remote attackers to cause a denial of service via a crafted RTF file or a crafted HTML document with a data: URI, both of which trigger a NULL dereference CVE-2007-4510. A vulnerability in clamav-milter, when run in black hole mode, could...