Computer Security
[EN] securityvulns.ru no-pyccku


KOffice / Calligra code execution
Published:13.08.2012
Source:
SecurityVulns ID:12502
Type:local
Threat Level:
5/10
Description:Code execution on MS Word document parsing.
Affected:KDE : KOffice 2.3
 CALLIGRA : Calligra 2.4
CVE:CVE-2012-3456 (Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.)
 CVE-2012-3455 (Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.)
Original documentdocumentUBUNTU, [USN-1526-1] KOffice vulnerability (13.08.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod