exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

iDEFENSE Security Advisory 2008-04-17.1
Posted Apr 17, 2008
Authored by iDefense Labs, Marsu | Site idefense.com

iDefense Security Advisory 04.17.08 - Remote exploitation of a heap based buffer overflow vulnerability in OpenOffice.org's OpenOffice, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability exists within the importer for files stored using the OLE format. When parsing the "DocumentSummaryInformation" stream, the vulnerable code does not correctly verify the size of a destination buffer before copying data from the file into it. This results in an exploitable heap overflow. iDefense confirmed the existence of this vulnerability in OpenOffice version 2.3.1. Other versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-0320
SHA-256 | beba06a82f3c37e625f8a5390af46b7f3dcc88612314ae0518e218e18547ff9e

Related Files

Secunia Security Advisory 50270
Posted Aug 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 4b0428dc306c48a1dce3d0d242c022d32ecb1999aeef39be84f18c9203785e16
Ubuntu Security Notice USN-1537-1
Posted Aug 14, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1537-1 - It was discovered that OpenOffice.org incorrectly handled certain encryption tags in Open Document Text (.odt) files. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2012-2665
SHA-256 | 732af7ab4447e86da664cb28cd27c2933227231e898ccd4393d48db0e3186698
LibreOffice / OpenOffice Code Execution
Posted Aug 10, 2012
Authored by Timo Warns | Site pre-cert.de

LibreOffice versions prior to 3.5.5 and Apache OpenOffice versions 3.4.0 and below suffer from a code execution vulnerability.

tags | advisory, code execution
advisories | CVE-2012-2665
SHA-256 | 3885049d1011ea25a22ee7462ec84341203997a45057579787881898c872ee6b
Mandriva Linux Security Advisory 2012-124
Posted Aug 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-124 - Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of openoffice.org. An attacker could create a specially-crafted file in the Open Document Format for Office Applications format which when opened could cause arbitrary code execution. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary, code execution
systems | linux, mandriva
advisories | CVE-2012-2665
SHA-256 | edc8b7b8881c532d8f8356f8d5b99ea70350faa5a1cf0f3b1fa7e7452ab11967
Secunia Security Advisory 50135
Posted Aug 3, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 3e23076ea797a8d6aafedb22dbc607794c8f7cacc01260c9477e0fdaef685928
Debian Security Advisory 2520-1
Posted Aug 3, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2520-1 - Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issues lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause application crash and could cause arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2012-2665
SHA-256 | 01058fb3e73899f5614de4378a1f281d11b663b075a75d78a87026487124e896
Secunia Security Advisory 50156
Posted Aug 2, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | 50db47b73dcfa5c7b79741571daae38bb67a7e808b3ce1c9e9ddc2dce8d320c4
Red Hat Security Advisory 2012-1136-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
SHA-256 | b59bd2e586688730a92ac126349c089bef1303f0b4131b5918f5c095da0db017
Secunia Security Advisory 49784
Posted Jul 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, ubuntu
SHA-256 | 3583b7f00603e29fbe89ecdd9aff42d5208018b0fe7097e5d4f954f0e5d78bd5
Ubuntu Security Notice USN-1496-1
Posted Jul 3, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1496-1 - A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334, CVE-2011-2685, CVE-2011-2713, CVE-2012-1149, CVE-2012-2334
SHA-256 | 6d337c7be5b6468659a8a20b6abfe0b12aceb6daf7137e5e7fc42af784c51ab0
Red Hat Security Advisory 2012-1043-01
Posted Jun 26, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1043-01 - libwpd is a library for reading and converting Corel WordPerfect Office documents. A buffer overflow flaw was found in the way libwpd processed certain Corel WordPerfect Office documents. An attacker could provide a specially-crafted .wpd file that, when opened in an application linked against libwpd, such as OpenOffice.org, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. All libwpd users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications that are linked against libwpd must be restarted for this update to take effect.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2149
SHA-256 | e23252ae448c1a44a7f03eeeafc940ab7c8d750681fe5a9dbffb9731f0bfe7c1
Mandriva Linux Security Advisory 2012-090
Posted Jun 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-090 - An integer overflow vulnerability in the openoffice.org graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. An integer overflow flaw, leading to buffer overflow, was found in the way openoffice.org processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause openoffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running openoffice.org. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | 0ad71e285918b64c0c397f175db7374700a819eb6f38bdb934f39f35d2d36b21
Debian Security Advisory 2487-1
Posted Jun 8, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2487-1 - It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.

tags | advisory, arbitrary, code execution
systems | linux, debian
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | 2d9dc06a415f8fc293156688adb0ebd1a69dcf3baec35646794fe891a2131701
Secunia Security Advisory 49373
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | 2faeeb4f0b4e2b6f1ef2d698efdd3e1fed2654a6f1ad76c1c2529815b69daeca
Secunia Security Advisory 49392
Posted Jun 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
systems | linux, redhat
SHA-256 | de541c3a2c60d5dd0c3af63285aef20d3a8a93723cd81e1cdb74cf25e4e06b78
Red Hat Security Advisory 2012-0705-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-1149, CVE-2012-2334
SHA-256 | 6a657f9b42a90e909284ccc79fb9187564b90245173cbab2a1f6851f0a6a3370
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
Posted May 24, 2012
Site metasploit.com

This Metasploit module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying a OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results arbitrary code execution under the context of the user.

tags | exploit, arbitrary, code execution
systems | windows
advisories | CVE-2008-0320, OSVDB-44472
SHA-256 | 7f7fa7d76079ea7a99a629f8223bcb4b881b275d2d9b9c051e830361276e7852
libwpd WPXContentListener::_closeTableRow() Memory Overwrite
Posted May 18, 2012
Authored by Kestutis Gudinavicius | Site sec-consult.com

OpenOffice.org includes the customized libwpd version 0.8.8 library for parsing WordPerfect documents. The used version of the libwpd library suffers from a memory overwrite vulnerability when reading a specially crafted WPD file. Successful exploitation of this vulnerability could result in an arbitrary code execution within the OpenOffice.org software suite.

tags | advisory, arbitrary, code execution
advisories | CVE-2012-2149
SHA-256 | c0fbf3513a8c6f3a2d74cceeb3b60aa04aa8253399451b37f5db876426268ecb
Secunia Security Advisory 46992
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | f063a5510329b56c3ac4946d004c2202d711c7b1be448013c79b5df0d17c8b6b
Secunia Security Advisory 49140
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

tags | advisory
systems | linux, debian
SHA-256 | 080144f9bde34a7b4d378e1ddc39f23f994352116f2fd1f3ee01dfae752d3186
OpenOffice.org 3.3.0 Powerpoint Denial Of Service
Posted May 17, 2012
Authored by Sven Jacobias

A review of the code in filter/source/msfilter msdffimp.cxx in OpenOffice.org versions 3.3 and 3.4 Beta revealed some unchecked memory allocations, which could be exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions. From this vulnerability a denial of service attack is possible.

tags | advisory, denial of service
advisories | CVE-2012-2334
SHA-256 | 37ba90753876b3352a8f998736c035b6682c16dcc663dc0b8448e6d9efb6e4d3
OpenOffice.org Memory Overwrite
Posted May 16, 2012
Authored by Kestutis Gudinavicius

OpenOffice.org versions 3.3 and 3.4 Beta suffer from a memory overwrite vulnerability.

tags | advisory
advisories | CVE-2012-2149
SHA-256 | 8835dab05febe30ee3df1bb4c48de2c02504156f840dc2d1d9c1e0014179f8ce
Debian Security Advisory 2473-1
Posted May 16, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2473-1 - Tielei Wang discovered that OpenOffice.org does not allocate a large enough memory region when processing a specially crafted JPEG object, leading to a heap-based buffer overflow and potentially arbitrary code execution.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2012-1149
SHA-256 | 68e370faf2beb6cdbf84c61722cf35114006eff0082075706e518107a0b26ec1
OpenOffice.org vclmi.dll Integer Overflow
Posted May 16, 2012
Authored by TieLei Wang

A vulnerability is caused due to an integer overflow error in the vclmi.dll module when allocating memory for an embedded image object. This can be exploited to cause a heap-based buffer overflow via, for example using a specially crafted JPEG object within a DOC file. OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.

tags | advisory, overflow
advisories | CVE-2012-1149
SHA-256 | 9b9385109737f1c4e076d9b046209fed8fd0d8cc5001274e0f5a3f2bbb355d40
Secunia Security Advisory 48529
Posted Mar 25, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
systems | linux, redhat
SHA-256 | 96d448b1840a976286bf18e56871dc8b512ec4601208162789d255caa5de751f
Page 1 of 4
Back1234Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close