Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28437
HistoryAug 29, 2012 - 12:00 a.m.

CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0

2012-08-2900:00:00
vulners.com
23
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2012-2665 Manifest-processing errors in Apache OpenOffice 3.4.0

Reference: http://www.openoffice.org/security/cves/CVE-2012-2665.html

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

Apache OpenOffice 3.4.0, all languages, all platforms.
Earlier versions of OpenOffice.org may be also affected.

Description:

When OpenOffice reads an ODF document, it first loads and processes
an XML stream within the file called the manifest. Apache OpenOffice
3.4.0 has logic errors that allows a carefully crafted manifest to
cause reads and writes beyond allocated buffers.

No specific exploit has been demonstrated in this case, though such
flaws generally are conducive to exploitation, possibly including
denial of service and elevation of privilege.

Mitigation

OpenOffice users are advised to upgrade to Apache OpenOffice 3.4.1:

http://www.openoffice.org/download/

Users who are unable to upgrade immediately should exercise caution
when opening untrusted ODF documents.

Credits

The Apache OpenOffice Security Team acknowledges Timo Warns of
PRESENSE Technologies GmbH as the discoverer of these flaws.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQO9pNAAoJEGFAoYdHzLzHMTgP/RhtW9cIbb1YgNiQIjZgmhfd
EfTDVsVa/mhSVwCcMF5oyJN1SYrscxK94NlcXOAhWZ/utPwCLev5Pv3BE8Y1gZ8Y
LJoGtFaxbByzbixAOtOqAWR3b84QM2wjDgqd6Cf7Yio00Wgeqs4vrvAkwCCNKroa
7iOZfhw/3kV8spiMIYTESz+OIzZ09NOz9G36hFn3Yn5CHTcbO0sPE9hJGVhE8Y6Q
92plJKcAgXFv8hdjQwGeda8H40jQqv86/FbDtn9muMtJICozlHQyhdk26E3up0Yo
IUnN522h4PJyq3zvs9GRbLPh6RS3zpMt82Sz6MG8lgKkKcGFxmjGHHQeFTh2QLd9
opghFYVtYjHdDnj9g5/iKEPkXxE//DXDtrfk/AP29WOMSupXwh5yq5blvpUmFODB
FdfBxPyefRmYWarA1DN5IhnT17MjyHlrAX/wY6NJjurjsJWCKpbc2jeaNgmLMTDH
IBiKWygALM7E2Qk/a3cRKCfFdsJxAQ15UMFNzTh6k4iXyWZpzDoBg+DPpN6GCHQy
SyH8aOSjufuCyGk/yoS6d+NZcl91g3FSsvnP/8nuCsYex5GKVLR/ffXi4YIcKDQK
6Z2tgGLn6xadmj63hWb91GMvIfw1n9mJ9JXGn0gzhnr5xvix+JOGKKjW9tvV492S
WCdOJJ8o6cV4lJqeIeGm
=xMKS
-----END PGP SIGNATURE-----

Related

oraclelinux 1
nessus 18
openvas 24
centos 2
securityvulns 3
cve 1
redhat 2
debian 1
ubuntucve 1
ubuntu 2
prion 1
debiancve 1
fedora 1
gentoo 2
oraclelinux
oraclelinux
libreoffice security update
2012-08-01 00:00:00
nessus
nessus
CentOS 5 : openoffice.org (CESA-2012:1136)
2012-08-03 00:00:00
LibreOffice < 3.5.5 Multiple Heap-Based Buffer Overflows
2012-08-06 00:00:00
Apache OpenOffice < 3.4.1 Multiple Heap-Based Buffer Overflows
2012-08-30 00:00:00
openvas
openvas
LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows)
2012-12-24 00:00:00
CentOS Update for autocorr-af CESA-2012:1135 centos6
2012-08-03 00:00:00
CentOS Update for autocorr-af CESA-2012:1135 centos6
2012-08-03 00:00:00
centos
centos
autocorr, libreoffice security update
2012-08-02 05:10:15
openoffice.org security update
2012-08-02 03:27:53
securityvulns
securityvulns
[SECURITY] [DSA 2520-1] openoffice.org security update
2012-08-06 00:00:00
[PRE-SA-2012-05] Multiple heap-based buffer overflows in LibreOffice / OpenOffice
2012-08-13 00:00:00
OpenOffice security vulnerabilities
2012-08-29 00:00:00
cve
cve
CVE-2012-2665
2012-08-06 18:55:00
redhat
redhat
(RHSA-2012:1136) Important: openoffice.org security update
2012-08-01 00:00:00
(RHSA-2012:1135) Important: libreoffice security update
2012-08-01 00:00:00
debian
debian
[SECURITY] [DSA 2520-1] openoffice.org security update
2012-08-02 19:31:04
ubuntucve
ubuntucve
CVE-2012-2665
2012-08-01 00:00:00
ubuntu
ubuntu
OpenOffice.org vulnerability
2012-08-13 00:00:00
LibreOffice vulnerability
2012-08-13 00:00:00
prion
prion
Heap overflow
2012-08-06 18:55:00
debiancve
debiancve
CVE-2012-2665
2012-08-06 18:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: libreoffice-3.4.5.2-18.fc16
2012-08-10 22:37:08
gentoo
gentoo
LibreOffice: Multiple vulnerabilities
2012-09-24 00:00:00
OpenOffice, LibreOffice: Multiple vulnerabilities
2014-08-31 00:00:00
JSON
Related for SECURITYVULNS:DOC:28437
oraclelinux1nessus18openvas24centos2securityvulns3cve1redhat2debian1ubuntucve1ubuntu2prion1debiancve1fedora1gentoo2