Gentoo Linux Security Advisory GLSA 200805-16 - Multiple vulnerabilities have been reported in OpenOffice.org, possibly allowing for user-assisted execution of arbitrary code. Versions less than 2.4.0 are affected.
82c6a43132ca6c9ca557f4f425c4fd77217a2daa4bbf5b388fdaff52633460b9Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.
c38f3f985ebc83c65928bb7d71bee2febda5aa6a848aa40aaf78da2c6ea8c16aMandriva Linux Security Advisory - Multiple vulnerabilities have been address in OpenOffice including arbitrary java code execution and multiple heap overflows.
53aad6dc18f2ecc79021c30d6f9fd0d42f1897ff8d5dce9466ce7ff17c3237e6Mandriva Linux Security Advisory - A heap overflow was discovered in OpenOffice.org's EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or potentially execute arbitrary code if the malicious EMF image was added to a document or if a document containing such an EMF file was opened. A heap overflow was discovered in the OLE Structured Storage file parser, a format used by Microsoft Office documents. An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or potentially execute arbitrary code.
2bb62176a085dc23e9d3bc3f1257d1be460d854adc482799532c6dd747d71fc0SUSE Security Announcement - A large amount of vulnerabilities related to OpenOffice have been patched on SuSE.
844f9feac6e7fecf046f967e47d04ca672e92a3da3619753c28a416cc530a21ciDefense Security Advisory 04.17.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The vulnerability exists within the code responsible for parsing the EMR_STRETCHBLT record in an EMF file. This code reads in two 32-bit integers from the file, and then uses them in an arithmetic operation that calculates the number of bytes to allocate for a dynamic buffer. This calculation can overflow, resulting in an insufficiently sized buffer being allocated. Subsequently, this buffer is overflowed with data from the file. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3. Other versions may also be affected.
eaae57c05bcec835031fde7ebd775e2f4c0fa5c780568b5735acc91a31609cbbDebian Security Advisory 1547-1 - Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to a overflow in the heap potentially leading to the execution of arbitrary code. Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code. A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap potentially leading to the execution of arbitrary code.
03bc1c3c31c25ac486fdcc5d389ff943b42eaf4edb24e9a6d427ff9e33de084f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed