Vulnerabilities > CVE-2007-0239 - Remote Shell Command Execution vulnerability in OpenOffice Meta Character
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family Solaris Local Security Checks NASL id SOLARIS10_120185.NASL description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2018-09-02 modified 2018-08-22 plugin id 22960 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22960 title Solaris 5.10 (sparc) : 120185-19 code #%NASL_MIN_LEVEL 80502 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(22960); script_version("1.33"); script_name(english: "Solaris 5.10 (sparc) : 120185-19"); script_cve_id("CVE-2006-2198", "CVE-2006-3117", "CVE-2006-5870", "CVE-2007-0002", "CVE-2007-0238", "CVE-2007-0239", "CVE-2007-0245", "CVE-2007-1466", "CVE-2007-2754", "CVE-2007-2834", "CVE-2007-4575"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 120185-19"); script_set_attribute(attribute: "description", value: 'StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/120185-19"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94); script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/06"); script_cvs_date("Date: 2019/10/25 13:36:23"); script_set_attribute(attribute:"patch_publication_date", value: "2006/07/30"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/30"); script_end_attributes(); script_summary(english: "Check for patch 120185-19"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix.");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0033.NASL description Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. iDefense reported an integer overflow flaw in libwpd, a library used internally to OpenOffice.org for handling Word Perfect documents. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-1466) John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice.org. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238) Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues. Red Hat would like to thank Fridrich Strba for alerting us to the issue CVE-2007-1466 and providing a patch, and John Heasman for CVE-2007-0238. last seen 2020-06-01 modified 2020-06-02 plugin id 24877 published 2007-03-26 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24877 title CentOS 3 / 4 : openoffice.org (CESA-2007:0033) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0033 and # CentOS Errata and Security Advisory 2007:0033 respectively. # include("compat.inc"); if (description) { script_id(24877); script_version("1.17"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2007-0238", "CVE-2007-0239", "CVE-2007-1466"); script_bugtraq_id(22812, 23006, 23067); script_xref(name:"RHSA", value:"2007:0033"); script_name(english:"CentOS 3 / 4 : openoffice.org (CESA-2007:0033)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. iDefense reported an integer overflow flaw in libwpd, a library used internally to OpenOffice.org for handling Word Perfect documents. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-1466) John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice.org. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238) Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues. Red Hat would like to thank Fridrich Strba for alerting us to the issue CVE-2007-1466 and providing a patch, and John Heasman for CVE-2007-0238." ); # https://lists.centos.org/pipermail/centos-announce/2007-March/013628.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e0b13f62" ); # https://lists.centos.org/pipermail/centos-announce/2007-March/013629.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f8fb2311" ); # https://lists.centos.org/pipermail/centos-announce/2007-March/013635.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?38bb6440" ); # https://lists.centos.org/pipermail/centos-announce/2007-March/013636.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ad7a5339" ); script_set_attribute( attribute:"solution", value:"Update the affected openoffice.org packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openoffice.org"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openoffice.org-i18n"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openoffice.org-kde"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:openoffice.org-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/03/16"); script_set_attribute(attribute:"patch_publication_date", value:"2007/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/03/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"openoffice.org-1.1.2-38.2.0.EL3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"openoffice.org-1.1.2-38.2.0.EL3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"openoffice.org-i18n-1.1.2-38.2.0.EL3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"openoffice.org-i18n-1.1.2-38.2.0.EL3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"i386", reference:"openoffice.org-libs-1.1.2-38.2.0.EL3")) flag++; if (rpm_check(release:"CentOS-3", cpu:"x86_64", reference:"openoffice.org-libs-1.1.2-38.2.0.EL3")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"openoffice.org-1.1.5-10.6.0.EL4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"openoffice.org-1.1.5-10.6.0.EL4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"openoffice.org-i18n-1.1.5-10.6.0.EL4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"openoffice.org-i18n-1.1.5-10.6.0.EL4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"openoffice.org-kde-1.1.5-10.6.0.EL4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"openoffice.org-libs-1.1.5-10.6.0.EL4")) flag++; if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"openoffice.org-libs-1.1.5-10.6.0.EL4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org / openoffice.org-i18n / openoffice.org-kde / etc"); }
NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_120190.NASL description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23617 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23617 title Solaris 5.9 (x86) : 120190-19 code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated as the associated patch is not # currently a recommended security fix. # # Disabled on 2011/09/17. # # (C) Tenable Network Security, Inc. # # if ( ! defined_func("bn_random") ) exit(0); include("compat.inc"); if(description) { script_id(23617); script_version("1.31"); script_name(english: "Solaris 5.9 (x86) : 120190-19"); script_cve_id("CVE-2006-2198", "CVE-2006-3117", "CVE-2006-5870", "CVE-2007-0002", "CVE-2007-0238", "CVE-2007-0239", "CVE-2007-0245", "CVE-2007-1466", "CVE-2007-2754", "CVE-2007-2834", "CVE-2007-4575"); script_set_attribute(attribute: "synopsis", value: "The remote host is missing Sun Security Patch number 120190-19"); script_set_attribute(attribute: "description", value: 'StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09'); script_set_attribute(attribute: "solution", value: "You should install this patch for your system to be up-to-date."); script_set_attribute(attribute: "see_also", value: "https://getupdates.oracle.com/readme/120190-19"); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(94); script_set_attribute(attribute:"plugin_publication_date", value: "2006/11/06"); script_cvs_date("Date: 2018/08/22 16:49:14"); script_set_attribute(attribute:"patch_publication_date", value: "2006/07/30"); script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/30"); script_end_attributes(); script_summary(english: "Check for patch 120190-19"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); family["english"] = "Solaris Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Solaris/showrev"); exit(0); } # Deprecated. exit(0, "The associated patch is not currently a recommended security fix."); include("solaris.inc"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-base", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-calc", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core01", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core02", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core03", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core04", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core05", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core06", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core07", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core08", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-core09", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-draw", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-gnome-integration", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-graphicfilter", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-impress", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-ja-fonts", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-ja-help", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-ja-res", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-ja", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-javafilter", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-ko-help", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-ko-res", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-ko", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-lngutils", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-math", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-onlineupdate", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-sunsearchtoolbar", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-writer", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-xsltfilter", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-zh-CN-help", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-zh-CN-res", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-zh-CN", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-zh-TW-help", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-zh-TW-res", version:"8.0.0,REV=106.2005.05.26"); e += solaris_check_patch(release:"5.9_x86", arch:"i386", patch:"120190-19", obsoleted_by:"", package:"SUNWstarsuite-zh-TW", version:"8.0.0,REV=106.2005.05.26"); if ( e < 0 ) { if ( NASL_LEVEL < 3000 ) security_hole(0); else security_hole(port:0, extra:solaris_get_report()); exit(0); } exit(0, "Host is not affected");
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-444-1.NASL description A stack overflow was discovered in OpenOffice.org last seen 2020-06-01 modified 2020-06-02 plugin id 28041 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28041 title Ubuntu 5.10 / 6.06 LTS / 6.10 : openoffice.org(2)/-amd64, ia32-libs-openoffice.org vulnerabilities (USN-444-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-073.NASL description Stack-based buffer overflow in the StarCalc parser in OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary code via a crafted document. (CVE-2007-0238) OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. (CVE-2007-0239) Updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24941 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24941 title Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:073) NASL family Solaris Local Security Checks NASL id SOLARIS9_X86_120186.NASL description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23616 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23616 title Solaris 5.9 (x86) : 120186-19 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120186-23.NASL description StarOffice 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107857 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107857 title Solaris 10 (x86) : 120186-23 NASL family Solaris Local Security Checks NASL id SOLARIS10_120189.NASL description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2018-09-02 modified 2018-08-22 plugin id 22961 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22961 title Solaris 5.10 (sparc) : 120189-19 NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120190-23.NASL description StarSuite 8 (Solaris_x86): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107858 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107858 title Solaris 10 (x86) : 120190-23 NASL family Solaris Local Security Checks NASL id SOLARIS9_120189.NASL description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23558 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23558 title Solaris 5.9 (sparc) : 120189-19 NASL family Solaris Local Security Checks NASL id SOLARIS10_120189-23.NASL description StarSuite 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107356 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107356 title Solaris 10 (sparc) : 120189-23 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0069.NASL description Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238) Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 63838 published 2013-01-24 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/63838 title RHEL 5 : openoffice.org (RHSA-2007:0069) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200704-12.NASL description The remote host is affected by the vulnerability described in GLSA-200704-12 (OpenOffice.org: Multiple vulnerabilities) John Heasman of NGSSoftware has discovered a stack-based buffer overflow in the StarCalc parser and an input validation error when processing metacharacters in a link. Also OpenOffice.Org includes code from libwpd making it vulnerable to heap-based overflows when converting WordPerfect document tables (GLSA 200704-07). Impact : A remote attacker could entice a user to open a specially crafted document, possibly leading to execution of arbitrary code with the rights of the user running OpenOffice.org. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 25057 published 2007-04-19 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25057 title GLSA-200704-12 : OpenOffice.org: Multiple vulnerabilities NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120190.NASL description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09 last seen 2018-09-01 modified 2018-08-22 plugin id 22994 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22994 title Solaris 5.10 (x86) : 120190-19 NASL family Solaris Local Security Checks NASL id SOLARIS8_120189.NASL description StarSuite 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23420 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23420 title Solaris 5.8 (sparc) : 120189-19 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0033.NASL description From Red Hat Security Advisory 2007:0033 : Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. iDefense reported an integer overflow flaw in libwpd, a library used internally to OpenOffice.org for handling Word Perfect documents. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-1466) John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice.org. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238) Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues. Red Hat would like to thank Fridrich Strba for alerting us to the issue CVE-2007-1466 and providing a patch, and John Heasman for CVE-2007-0238. last seen 2020-06-01 modified 2020-06-02 plugin id 67443 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67443 title Oracle Linux 3 / 4 : openoffice.org (ELSA-2007-0033) NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-2651.NASL description Following security problems were fixed in OpenOffice_org : This update also brings OpenOffice_org to version 2.0.4.17, same as SUSE Linux Enterprise Desktop 10 and contains lots of bugfixes. It also contains support for the Office XML converter hooks. - Various problems were fixed in the Wordperfect converter library libwpd in OpenOffice_org which could be used by remote attackers to potentially execute code or crash OpenOffice_org. (CVE-2007-0002) - A stack overflow in the StarCalc parser could be used by remote attackers to potentially execute code by supplying a crafted document. (CVE-2007-0238) - A shell quoting problem when opening URLs was fixed which could be used by remote attackers to execute code by supplying a crafted document and making the user click on an embedded link. (CVE-2007-0239) last seen 2020-06-01 modified 2020-06-02 plugin id 29365 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29365 title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 2651) NASL family Fedora Local Security Checks NASL id FEDORA_2007-376.NASL description CVE-2007-0239 rhbz#228008 potential shell escape problem in some hyperlinks CVE-2007-0238 rhbz#226966 potential buffer overflows in calc legacy file format Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24923 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24923 title Fedora Core 6 : openoffice.org-2.0.4-5.5.17 (2007-376) NASL family Solaris Local Security Checks NASL id SOLARIS8_120185.NASL description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23419 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23419 title Solaris 5.8 (sparc) : 120185-19 NASL family Fedora Local Security Checks NASL id FEDORA_2007-375.NASL description CVE-2007-0239 rhbz#228008 potential shell escape problem in some hyperlinks CVE-2007-0238 rhbz#226966 potential buffer overflows in calc legacy file format Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24922 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24922 title Fedora Core 5 : openoffice.org-2.0.2-5.21.2 (2007-375) NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-2652.NASL description Following security problems were fixed in OpenOffice_org : CVE-2007-0002: Various problems were fixed in the Wordperfect converter library libwpd in OpenOffice_org which could be used by remote attackers to potentially execute code or crash OpenOffice_org. CVE-2007-0238: A stack overflow in the StarCalc parser could be used by remote attackers to potentially execute code by supplying a crafted document. CVE-2007-0239: A shell quoting problem when opening URLs was fixed which could be used by remote attackers to execute code by supplying a crafted document and making the user click on an embedded link. Also support for the upcoming ODF - OfficeXML converter was added. last seen 2020-06-01 modified 2020-06-02 plugin id 27136 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27136 title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2652) NASL family Solaris Local Security Checks NASL id SOLARIS10_X86_120186.NASL description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09 last seen 2018-09-01 modified 2018-08-22 plugin id 22993 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=22993 title Solaris 5.10 (x86) : 120186-19 NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1270.NASL description Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-0002 iDefense reported several integer overflow bugs in libwpd, a library for handling WordPerfect documents that is included in OpenOffice.org. Attackers are able to exploit these with carefully crafted WordPerfect files that could cause an application linked with libwpd to crash or possibly execute arbitrary code. - CVE-2007-0238 Next Generation Security discovered that the StarCalc parser in OpenOffice.org contains an easily exploitable stack overflow that could be used by a specially crafted document to execute arbitrary code. - CVE-2007-0239 It has been reported that OpenOffice.org does not escape shell meta characters and is hence vulnerable to execute arbitrary shell commands via a specially crafted document after the user clicked to a prepared link. This updated advisory only provides packages for the upcoming etch release alias Debian GNU/Linux 4.0. last seen 2020-06-01 modified 2020-06-02 plugin id 24879 published 2007-03-26 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24879 title Debian DSA-1270-2 : openoffice.org - several vulnerabilities NASL family Windows NASL id OPENOFFICE_220.NASL description The remote host is running a version of Sun Microsystems OpenOffice.org that is prior to version 2.2. It is, therefore, affected by a stack-based buffer overflow vulnerability in its handling of StarCalc documents. If a remote attacker can trick a user into opening a specially crafted StarCalc document, the attacker can execute arbitrary code on the remote host subject to the user last seen 2020-06-01 modified 2020-06-02 plugin id 25004 published 2007-04-06 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25004 title Sun OpenOffice.org < 2.2 Multiple Vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-2682.NASL description Following security problems were fixed in OpenOffice_org : This update also brings OpenOffice_org to version 2.0.4.17, same as SUSE Linux Enterprise Desktop 10 and contains lots of bugfixes. CVE-2007-0002: Various problems were fixed in the Wordperfect converter library libwpd in OpenOffice_org which could be used by remote attackers to potentially execute code or crash OpenOffice_org. CVE-2007-0238: A stack overflow in the StarCalc parser could be used by remote attackers to potentially execute code by supplying a crafted document. CVE-2007-0239: A shell quoting problem when opening URLs was fixed which could be used by remote attackers to execute code by supplying a crafted document and making the user click on an embedded link. Also support for the upcoming ODF - OfficeXML converter was added. last seen 2020-06-01 modified 2020-06-02 plugin id 27137 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27137 title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-2682) NASL family Solaris Local Security Checks NASL id SOLARIS10_120185-23.NASL description StarOffice 8 (Solaris): Update 18. Date this patch was last updated by Sun : Mar/15/11 last seen 2020-06-01 modified 2020-06-02 plugin id 107355 published 2018-03-12 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/107355 title Solaris 10 (sparc) : 120185-23 NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0033.NASL description Updated openoffice.org packages to correct security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. iDefense reported an integer overflow flaw in libwpd, a library used internally to OpenOffice.org for handling Word Perfect documents. An attacker could create a carefully crafted Word Perfect file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-1466) John Heasman discovered a stack overflow in the StarCalc parser in OpenOffice.org. An attacker could create a carefully crafted StarCalc file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0238) Flaws were discovered in the way OpenOffice.org handled hyperlinks. An attacker could create an OpenOffice.org document which could run commands if a victim opened the file and clicked on a malicious hyperlink. (CVE-2007-0239) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues. Red Hat would like to thank Fridrich Strba for alerting us to the issue CVE-2007-1466 and providing a patch, and John Heasman for CVE-2007-0238. last seen 2020-06-01 modified 2020-06-02 plugin id 24896 published 2007-03-26 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24896 title RHEL 3 / 4 : openoffice.org (RHSA-2007:0033) NASL family Solaris Local Security Checks NASL id SOLARIS9_120185.NASL description StarOffice 8 (Solaris): Update 14. Date this patch was last updated by Sun : Sep/09/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23557 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23557 title Solaris 5.9 (sparc) : 120185-19 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_120186.NASL description StarOffice 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/10/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23467 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23467 title Solaris 5.8 (x86) : 120186-19 NASL family Solaris Local Security Checks NASL id SOLARIS8_X86_120190.NASL description StarSuite 8 (Solaris_x86): Update 14. Date this patch was last updated by Sun : Sep/11/09 last seen 2016-09-26 modified 2011-09-18 plugin id 23468 published 2006-11-06 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=23468 title Solaris 5.8 (x86) : 120190-19
Oval
accepted | 2013-04-29T04:13:56.246-04:00 | ||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||
description | OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | ||||||||||||||||||||||||||||||||
family | unix | ||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:11422 | ||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||
submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
title | OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document. | ||||||||||||||||||||||||||||||||
version | 27 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
- http://secunia.com/advisories/24465
- http://secunia.com/advisories/24550
- http://secunia.com/advisories/24588
- http://secunia.com/advisories/24613
- http://secunia.com/advisories/24646
- http://secunia.com/advisories/24647
- http://secunia.com/advisories/24676
- http://secunia.com/advisories/24810
- http://secunia.com/advisories/24906
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1
- http://www.debian.org/security/2007/dsa-1270
- http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:073
- http://www.redhat.com/support/errata/RHSA-2007-0033.html
- http://www.redhat.com/support/errata/RHSA-2007-0069.html
- http://www.securityfocus.com/bid/22812
- http://www.securitytracker.com/id?1017799
- http://www.ubuntu.com/usn/usn-444-1
- http://www.vupen.com/english/advisories/2007/1032
- http://www.vupen.com/english/advisories/2007/1117
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33113
- https://issues.foresightlinux.org/browse/FL-211
- https://issues.rpath.com/browse/RPL-1118
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11422