what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Ubuntu Security Notice 903-1
Posted Feb 25, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 903-1 - OpenOffice suffers from multiple vulnerabilities. It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, CVE-2010-0136
MD5 | ce4ecf7c54524af66c724c8378accd3e
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Medical Records For 24.3 Million Left Exposed
Posted Sep 18, 2019

tags | headline, privacy, usa, data loss, fraud
New Algorithms Aim To Stamp Out Abuse On Twitter
Posted Sep 18, 2019

tags | headline, fraud, twitter
Poor Protocol Design For IoT Devices Fueling DDoS
Posted Sep 18, 2019

tags | headline, denial of service, flaw
Novaestrat Exec Arrested After Ecuadorian Data Leak
Posted Sep 18, 2019

tags | headline, government, privacy, data loss
Alleged JPMorgan Hacker Set To Plead Guilty
Posted Sep 17, 2019

tags | headline, hacker, bank
The Air Force Will Let Hackers Try To Hijack An Orbiting Satellite
Posted Sep 17, 2019

tags | headline, hacker, usa, conference, military
Gootkit Crew Left Database Exposed Without A Password
Posted Sep 17, 2019

tags | headline, malware, database, data loss, fraud
Attackers Pose As Business Executives To Secure Security Certificates
Posted Sep 17, 2019

tags | headline, cybercrime, fraud, cryptography
Personal Data From Entire 16.6M Population Of Ecuador Leaked Online
Posted Sep 16, 2019

tags | headline, privacy, data loss
Uber Confirms Account Takeover Vulnerability
Posted Sep 16, 2019

tags | headline, hacker, privacy, flaw
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close