Computer Security
[EN] securityvulns.ru no-pyccku


OpenOffice multiple security vulnerabilities
Published:20.04.2008
Source:
SecurityVulns ID:8926
Type:client
Threat Level:
6/10
Description:multiple buffer overflows and integer overflows on QPRO (Quattro Pro), EMF and Microsoft Office files parsing.
CVE:CVE-2008-0320
 CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.)
 CVE-2007-5746
 CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.)
Original documentdocumentIDEFENSE, iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice QPRO File Parsing Integer Underflow Vulnerability (20.04.2008)
 documentIDEFENSE, iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice QPRO Multiple Heap Overflow Vulnerabilities (20.04.2008)
 documentIDEFENSE, iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice EMF EMR_BITBLT Record Integer Overflow Vulnerability (20.04.2008)
 documentIDEFENSE, iDefense Security Advisory 04.17.08: Multiple Vendor OpenOffice OLE DocumentSummaryInformation Heap Overflow Vulnerability (20.04.2008)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod