Arbitrary Code Execution

2020-04-1000:57:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

JSON

openoffice.org is vulnerable to arbitrary code execution. The vulnerability exist as a heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain Microsoft Office PowerPoint files. An attacker could use this flaw to create a specially-crafted Microsoft Office PowerPoint file that, when opened, would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.

CPENameOperatorVersion
openoffice.orgeq2.3.0__6.11.el5
openoffice.orgeq2.3.0__6.5.el5
openoffice.orgeq2.3.0__6.10.el5
openoffice.orgeq2.3.0__6.11.el5_4.4
openoffice.orgeq2.3.0__6.11.el5_4.1
openoffice.orgeq2.3.0__6.5.4.el5_2
openoffice.orgeq2.3.0__6.5.2.el5_2
openoffice.orgeq2.3.0__6.5.1.el5_2
openoffice.orgeq2.3.0__6.11.el5
openoffice.orgeq2.3.0__6.5.el5

Name	Operator	Version
openoffice.org	eq	2.3.0__6.11.el5
openoffice.org	eq	2.3.0__6.5.el5
openoffice.org	eq	2.3.0__6.10.el5
openoffice.org	eq	2.3.0__6.11.el5_4.4
openoffice.org	eq	2.3.0__6.11.el5_4.1
openoffice.org	eq	2.3.0__6.5.4.el5_2
openoffice.org	eq	2.3.0__6.5.2.el5_2
openoffice.org	eq	2.3.0__6.5.1.el5_2
openoffice.org	eq	2.3.0__6.11.el5
openoffice.org	eq	2.3.0__6.5.el5