CVE-2004-0645
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Application | | 4 |
Nessus
GLSA-200407-11 : wv: Buffer overflow vulnerability
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200407-11.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200407-11 (wv: Buffer overflow vulnerability). A use of strcat without proper bounds checking leads to an exploitable buffer overflow. The vulnerable code is executed when wv encounters an unrecognized token, so a specially crafted file, loaded in wv, can trigger the vulnerable code and execute its own arbitrary code. This exploit is only possible when the user loads the document into HTML view mode. Impact: By inducing a user into running wv on a special file, an attacker can execute arbitrary code with the permissions of the user running the vulnerable program. Workaround: Users should not view untrusted documents with wvHtml or applications using wv. When loading an untrusted document in an application using the wv library, make sure HTML view is disabled.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14544
- published: 2004-08-30
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14544

Debian DSA-579-1 : abiword - buffer overflow
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-579.NASL
- description: A buffer overflow vulnerability has been discovered in the wv library, used for converting and previewing Word documents. On exploitation an attacker could execute arbitrary code with the privileges of the user running the vulnerable application.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15677
- published: 2004-11-10
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15677

Mandrake Linux Security Advisory : wv (MDKSA-2004:077)
- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2004-077.NASL
- description: iDefense discovered a buffer overflow vulnerability in the wv package which could allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application. The updated packages are patched to protect against this problem.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 14175
- published: 2004-07-31
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/14175

Debian DSA-550-1 : wv - buffer overflow
- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-550.NASL
- description: iDEFENSE discovered a buffer overflow in the wv library, used to convert and preview Microsoft Word documents. An attacker could create a specially crafted document that could lead wvHtml to execute arbitrary code on the victim's machine.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 15387
- published: 2004-09-29
- reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/15387
References
- http://cpan.cybercomm.nl/pub/gentoo-portage/app-text/wv/files/wv-1.0.0-fix_overflow.patch
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000863
- http://security.gentoo.org/glsa/glsa-200407-11.xml
- http://www.debian.org/security/2004/dsa-579
- http://www.freebsd.org/ports/portaudit/7a5430df-d562-11d8-b479-02e0185c0b53.html
- http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:077
- http://www.osvdb.org/7761
- https://bugzilla.fedora.us/show_bug.cgi?id=1906
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16660