openoffice -- DOC document heap overflow vulnerability
Description:
AD-LAB reports that a heap-based buffer overflow
vulnerability exists in OpenOffice's handling of DOC
documents. When reading a DOC document 16 bit from a 32 bit
integer is used for memory allocation, but the full 32 bit
is used for further processing of the document. This can
allow an attacker to crash OpenOffice, or potentially
execute arbitrary code as the user running OpenOffice, by
tricking an user into opening a specially crafted DOC
document.
References:
Affects:
- openoffice <1.1.4_2
- openoffice >2.* <=2.0.20050406
- ar-openoffice <1.1.4_2
- ar-openoffice >2.* <=2.0.20050406
- ca-openoffice <1.1.4_2
- ca-openoffice >2.* <=2.0.20050406
- cs-openoffice <1.1.4_2
- cs-openoffice >2.* <=2.0.20050406
- de-openoffice <1.1.4_2
- de-openoffice >2.* <=2.0.20050406
- dk-openoffice <1.1.4_2
- dk-openoffice >2.* <=2.0.20050406
- el-openoffice <1.1.4_2
- el-openoffice >2.* <=2.0.20050406
- es-openoffice <1.1.4_2
- es-openoffice >2.* <=2.0.20050406
- et-openoffice <1.1.4_2
- et-openoffice >2.* <=2.0.20050406
- fi-openoffice <1.1.4_2
- fi-openoffice >2.* <=2.0.20050406
- fr-openoffice <1.1.4_2
- fr-openoffice >2.* <=2.0.20050406
- gr-openoffice <1.1.4_2
- gr-openoffice >2.* <=2.0.20050406
- hu-openoffice <1.1.4_2
- hu-openoffice >2.* <=2.0.20050406
- it-openoffice <1.1.4_2
- it-openoffice >2.* <=2.0.20050406
- ja-openoffice <1.1.4_2
- ja-openoffice >2.* <=2.0.20050406
- ko-openoffice <1.1.4_2
- ko-openoffice >2.* <=2.0.20050406
- nl-openoffice <1.1.4_2
- nl-openoffice >2.* <=2.0.20050406
- pl-openoffice <1.1.4_2
- pl-openoffice >2.* <=2.0.20050406
- pt-openoffice <1.1.4_2
- pt-openoffice >2.* <=2.0.20050406
- pt_BR-openoffice <1.1.4_2
- pt_BR-openoffice >2.* <=2.0.20050406
- ru-openoffice <1.1.4_2
- ru-openoffice >2.* <=2.0.20050406
- se-openoffice <1.1.4_2
- se-openoffice >2.* <=2.0.20050406
- sk-openoffice <1.1.4_2
- sk-openoffice >2.* <=2.0.20050406
- sl-openoffice-SI <1.1.4_2
- sl-openoffice-SI >2.* <=2.0.20050406
- tr-openoffice <1.1.4_2
- tr-openoffice >2.* <=2.0.20050406
- zh-openoffice-CN <1.1.4_2
- zh-openoffice-CN >2.* <=2.0.20050406
- zh-openoffice-TW <1.1.4_2
- zh-openoffice-TW >2.* <=2.0.20050406
- jp-openoffice <1.1.4_2
- jp-openoffice >2.* <=2.0.20050406
- kr-openoffice <1.1.4_2
- kr-openoffice >2.* <=2.0.20050406
- sl-openoffice-SL <1.1.4_2
- sl-openoffice-SL >2.* <=2.0.20050406
- zh-openoffice <1.1.4_2
- zh-openoffice >2.* <=2.0.20050406
- zh_TW-openoffice <1.1.4_2
- zh_TW-openoffice >2.* <=2.0.20050406
- openoffice >=6.0.a609 <=6.0.a638
- openoffice >=641c <=645
- openoffice =1.1RC4
- openoffice =1.1rc5
- ja-openoffice >=6.0.a609 <=6.0.a638
- ja-openoffice >=641c <=645
- ja-openoffice =1.1RC4
- ja-openoffice =1.1rc5
portaudit: openoffice -- DOC document heap overflow vulnerability
Disclaimer: The data contained on this page is derived from the VuXML document,
please refer to the the original document for copyright information. The author of
portaudit makes no claim of authorship or ownership of any of the information contained herein.
If you have found a vulnerability in a FreeBSD port not listed in the
database, please contact the
FreeBSD Security Officer. Refer to
"FreeBSD Security
Information" for more information.
Oliver Eikemeier <eik@FreeBSD.org>