what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2007-5745

Status Candidate

Overview

Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.

Related Files

Gentoo Linux Security Advisory 200805-16
Posted May 15, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2007-4770, CVE-2007-4771, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
SHA-256 | 82c6a43132ca6c9ca557f4f425c4fd77217a2daa4bbf5b388fdaff52633460b9
Ubuntu Security Notice 609-1
Posted May 7, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.

tags | advisory, java, remote, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2007-4575, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
SHA-256 | c38f3f985ebc83c65928bb7d71bee2febda5aa6a848aa40aaf78da2c6ea8c16a
Mandriva Linux Security Advisory 2008-095
Posted May 2, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Multiple vulnerabilities have been address in OpenOffice including arbitrary java code execution and multiple heap overflows.

tags | advisory, java, overflow, arbitrary, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2007-4575, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320
SHA-256 | 53aad6dc18f2ecc79021c30d6f9fd0d42f1897ff8d5dce9466ce7ff17c3237e6
SUSE-SA-2008-023.txt
Posted Apr 21, 2008
Site suse.com

SUSE Security Announcement - A large amount of vulnerabilities related to OpenOffice have been patched on SuSE.

tags | advisory, vulnerability
systems | linux, suse
advisories | CVE-2008-0320, CVE-2007-5747, CVE-2007-5746, CVE-2007-5745, CVE-2007-4771, CVE-2007-4770
SHA-256 | 844f9feac6e7fecf046f967e47d04ca672e92a3da3619753c28a416cc530a21c
iDEFENSE Security Advisory 2008-04-17.3
Posted Apr 17, 2008
Authored by iDefense Labs | Site idefense.com

iDefense Security Advisory 04.17.08 - Remote exploitation of multiple buffer overflow vulnerabilities in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The first vulnerability occurs when parsing "Attribute" records from the file. Due to a lack of bounds checking during a loop that reads these records, an attacker can trigger a heap overflow by inserting more than 256 records. The second vulnerability is nearly identical to the first one, but involves the "Font Description" record instead of the "Attribute" record.

tags | advisory, remote, overflow, arbitrary, vulnerability
advisories | CVE-2007-5745
SHA-256 | d5c1e54a528aecc168f3f719c15a64b4d477ce0d70a91094ce2679f1c914e587
Debian Linux Security Advisory 1547-1
Posted Apr 17, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1547-1 - Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to a overflow in the heap potentially leading to the execution of arbitrary code. Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code. A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap potentially leading to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2008-0320, CVE-2007-5746, CVE-2007-5745, CVE-2007-5747
SHA-256 | 03bc1c3c31c25ac486fdcc5d389ff943b42eaf4edb24e9a6d427ff9e33de084f
Page 1 of 1
Back1Next

File Archive:

October 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    10 Files
  • 2
    Oct 2nd
    0 Files
  • 3
    Oct 3rd
    12 Files
  • 4
    Oct 4th
    15 Files
  • 5
    Oct 5th
    18 Files
  • 6
    Oct 6th
    16 Files
  • 7
    Oct 7th
    12 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close