CVE-2009-2949 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow: This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Nessus
NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-903-1.NASL
description:
It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. (CVE-2009-0217)
Sebastian Apelt and Frank Reissner discovered that OpenOffice did not correctly import XPM and GIF images. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. (CVE-2009-2949, CVE-2009-2950)
Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. (CVE-2009-3301, CVE-2009-3302)
It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls. (CVE-2010-0136).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44912
published: 2010-02-25
reporter: Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/44912
title: Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2010-1941.NASL
description:
- Fri Feb 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.12
  - CVE-2009-2950 GIF file parsing heap overflow (caolanm)
  - CVE-2009-2949 integer overflow in XPM processing (caolanm)
  - CVE-2009-3301 .doc Table Parsing vulnerability (caolanm)
  - CVE-2009-3302 .doc Table Parsing vulnerability (caolanm)
  - Resolves: rhbz#549890 add workspace.extmgr01.patch (dtardon)
  - Resolves: rhbz#551983 OpenOffice writer crashes when opening document with link in footnote (dtardon)
  - Resolves: rhbz#550316 Openoffice.org Impress loses graphics when background color is changed (dtardon)
  - Resolves: rhbz#553929 [abrt] crash in ColorConfigCtrl_Impl::ScrollHdl (dtardon)
  - Resolves: rbhz#555257 openoffice cannot use JPEG images using CMYK colorspace (dtardon)
  - Resolves: rhbz#558342 [abrt] crash in SvxNumOptionsTabPage::InitControls (dtardon)
- Tue Dec 15 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.11
  - Resolves: rhbz#529648 add workspace.fwk132.patch
- Wed Dec 9 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.10
  - Resolves: rhbz#545783 add workspace.vcl105.patch (caolanm)
- Wed Dec 9 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.9
  - add openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch (dtardon)
  - Resolves: rhbz#533538 OpenOffice keyboard shortcuts mis-map in the Spanish localized version of OOo (caolanm)
- Tue Nov 10 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.8
  - Resolves: rhbz#533841 ooo#105710 svx loadstorenumbering (caolanm)
- Thu Nov 5 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.7
  - Resolves: ooo#106523 fix pdf/A export on x86_64 (caolanm)
- Thu Nov 5 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.6
  - Resolves: rhbz#533146 calc notes go missing on save
- Wed Oct 28 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.5
  - Resolves: rhbz#531554 add workspace.chart41.patch
- Wed Oct 21 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.4
  - Resolves: rhbz#522839 crash on exit after loading .doc
  - Resolves: rhbz#529746 crash on exit after loading .ppt
- Mon Sep 7 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.3
  - Resolves: rhbz#521460 - wrong UI label for A3/A5 page sizes in translations
- Wed Sep 2 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.2
  - Resolves: rhbz#520772 copy/paste cockup
- Fri Aug 28 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.1
  - update to 3.1.1
  - Resolves: rhbz#512355 add openoffice.org-3.1.0.ooo103651.canvas.nosubpixel.patc
  - add workspace.os132.patch to avoid switch html view overwrite horror
  - Resolves: rhbz#517843 add openoffice.org-3.1.1.ooo104306.moverecentlyused.patch
  - Resolves: rhbz#514683 add openoffice.org-3.1.1.ooo104329.dbaccess.primarykeys.patch
  - Resolves: rbhz#501141 Images and Frames disappear in sequential printing
  - backport workspace.vcl102.patch to fix xdg support
  - add workspace.cmcfixes62.patch for 64bit odbc goodness and rebuild against now 64bit-safe unixODBC headers
- Thu Jul 9 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.0-11.5 [plus 13 lines in the Changelog]
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 47289
published: 2010-07-01
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/47289
title: Fedora 11 : openoffice.org-3.1.1-19.12.fc11 (2010-1941)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2010-0101.NASL
description:
From Red Hat Security Advisory 2010:0101 :
Updated openoffice.org packages that correct multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)
A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950)
All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67995
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67995
title: Oracle Linux 3 / 4 : openoffice.org (ELSA-2010-0101)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20100212_OPENOFFICE_ORG_ON_SL4_X.NASL
description:
CVE-2009-2950 openoffice.org: GIF file parsing heap overflow
CVE-2009-2949 openoffice.org: integer overflow in XPM processing
CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption
CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)
A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950)
All running instances of OpenOffice.org applications must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60732
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60732
title: Scientific Linux Security Update : openoffice.org on SL4.x i386/x86_64

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201408-19.NASL
description:
The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details.
Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files.
Workaround : There is no known workaround at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 77467
published: 2014-09-01
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/77467
title: GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20100212_OPENOFFICE_ORG_ON_SL3_X.NASL
description:
CVE-2009-2950 openoffice.org: GIF file parsing heap overflow
CVE-2009-2949 openoffice.org: integer overflow in XPM processing
CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption
CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)
A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950)
All running instances of OpenOffice.org applications must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60731
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60731
title: Scientific Linux Security Update : openoffice.org on SL3.x i386/x86_64

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_OPENOFFICE_ORG-100211.NASL
description:
This update of OpenOffice_org includes fixes for the following vulnerabilities :
- CVE-2009-0217: XML signature weakness
- CVE-2009-2949: XPM Import Integer Overflow
- CVE-2009-2950: GIF Import Heap Overflow
- CVE-2009-3301: MS Word sprmTDefTable Memory Corruption
- CVE-2009-3302: MS Word sprmTDefTable Memory Corruption
- CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 45071
published: 2010-03-17
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/45071
title: openSUSE Security Update : OpenOffice_org (OpenOffice_org-1979)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20100212_OPENOFFICE_ORG_ON_SL5_X.NASL
description:
CVE-2009-2950 openoffice.org: GIF file parsing heap overflow
CVE-2009-2949 openoffice.org: integer overflow in XPM processing
CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption
CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)
A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950)
All running instances of OpenOffice.org applications must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60733
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60733
title: Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-1995.NASL
description:
Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems :
- CVE-2010-0136 It was discovered that macro security settings were insufficiently enforced for VBA macros.
- CVE-2009-0217 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This also affects the integrated libxmlsec library.
- CVE-2009-2949 Sebastian Apelt discovered that an integer overflow in the XPM import code may lead to the execution of arbitrary code.
- CVE-2009-2950 Sebastian Apelt and Frank Reissner discovered that a buffer overflow in the GIF import code may lead to the execution of arbitrary code.
- CVE-2009-3301/ CVE-2009-3302 Nicolas Joly discovered multiple vulnerabilities in the parser for Word document files, which may lead to the execution of arbitrary code.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44859
published: 2010-02-24
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/44859
title: Debian DSA-1995-1 : openoffice.org - several vulnerabilities

NASL family: SuSE Local Security Checks
NASL id: SUSE_OPENOFFICE_ORG-6883.NASL
description:
This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2009-0217)
This also provides the maintenance update to OpenOffice.org-3.2.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 51684
published: 2011-01-27
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/51684
title: SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6883)

NASL family: SuSE Local Security Checks
NASL id: SUSE_OPENOFFICE_ORG-6884.NASL
description:
This update of OpenOffice_org includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2009-0217)
This also provides the maintenance update to OpenOffice.org-3.2.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 51685
published: 2011-01-27
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/51685
title: SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6884)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2010-221.NASL
description:
Multiple vulnerabilities were discovered and corrected in OpenOffice.org:
Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow (CVE-2009-2949).
Heap-based buffer overflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression (CVE-2009-2950).
Integer underflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document (CVE-2009-3301).
Boundary error flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document (CVE-2009-3302).
Lack of properly enforcing Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document (CVE-2010-0136).
User-assisted remote attackers are able to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed (CVE-2010-0395).
Impress module does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an integer truncation error (CVE-2010-2935).
Integer overflow in the Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow (CVE-2010-2936).
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
This update provides OpenOffice.org packages have been patched to correct these issues and additional dependent packages.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 50503
published: 2010-11-07
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/50503
title: Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:221)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_OPENOFFICE_ORG-100225.NASL
description:
This update of OpenOffice_org includes fixes for the following vulnerabilities :
- XML signature weakness. (CVE-2009-0217)
- XPM Import Integer Overflow. (CVE-2009-2949)
- GIF Import Heap Overflow. (CVE-2009-2950)
- MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301)
- MS Word sprmTDefTable Memory Corruption. (CVE-2009-3302)
- In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136)
This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 51594
published: 2011-01-21
reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/51594
title: SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_1_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100211.NASL
description:
This update of OpenOffice_org includes fixes for the following vulnerabilities :
- CVE-2009-0217: XML signature weakness
- CVE-2009-2949: XPM Import Integer Overflow
- CVE-2009-2950: GIF Import Heap Overflow
- CVE-2009-3301: MS Word sprmTDefTable Memory Corruption
- CVE-2009-3302: MS Word sprmTDefTable Memory Corruption
- CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 45073
published: 2010-03-17
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/45073
title: openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1981)

NASL family: Windows
NASL id: OPENOFFICE_32.NASL
description:
The version of Sun Microsystems OpenOffice.org installed on the remote host is prior to version 3.2. It is, therefore, affected by several issues :
- Signatures may not be handled properly due to a vulnerability in the libxml2 library. (CVE-2006-4339)
- There is an HMAC truncation authentication bypass vulnerability in the libxmlsec library. (CVE-2009-0217)
- The application is bundled with a vulnerable version of the Microsoft VC++ runtime. (CVE-2009-2493)
- Specially crafted XPM files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2949)
- Specially crafted GIF files are not processed properly, which could lead to arbitrary code execution. (CVE-2009-2950)
- Specially crafted Microsoft Word documents are not processed properly, which could lead to arbitrary code execution. (CVE-2009-3301 / CVE-2009-3302)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44597
published: 2010-02-12
reporter: This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/44597
title: Sun OpenOffice.org < 3.2 Multiple Vulnerabilities

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2010-0101.NASL
description:
Updated openoffice.org packages that correct multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)
A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950)
All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44598
published: 2010-02-15
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/44598
title: CentOS 3 / 4 / 5 : openoffice.org (CESA-2010:0101)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_OPENOFFICE_ORG-100226.NASL
description:
This update of OpenOffice_org includes fixes for the following vulnerabilities :
- XML signature weakness. (CVE-2009-0217)
- XPM Import Integer Overflow. (CVE-2009-2949)
- GIF Import Heap Overflow. (CVE-2009-2950)
- MS Word sprmTDefTable Memory Corruption. (CVE-2009-3301)
- MS Word sprmTDefTable Memory Corruption. (CVE-2009-3302)
- In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings. (CVE-2010-0136)
This also provides the maintenance update to OpenOffice.org-3.2. Details about all upstream changes can be found at http://development.openoffice.org/releases/3.2.0.html
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 45064
published: 2010-03-16
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/45064
title: SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_2_OPENOFFICE_ORG-BASE-DRIVERS-POSTGRESQL-100216.NASL
description:
This update of OpenOffice_org includes fixes for the following vulnerabilities :
- CVE-2009-0217: XML signature weakness
- CVE-2009-2949: XPM Import Integer Overflow
- CVE-2009-2950: GIF Import Heap Overflow
- CVE-2009-3301: MS Word sprmTDefTable Memory Corruption
- CVE-2009-3302: MS Word sprmTDefTable Memory Corruption
- CVE-2010-0136: In the ooo-build variant of OpenOffice_org VBA Macro support does not honor Macro security settings.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 45075
published: 2010-03-17
reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/45075
title: openSUSE Security Update : OpenOffice_org-base-drivers-postgresql (OpenOffice_org-base-drivers-postgresql-1980)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2010-1847.NASL
description:
- Fri Feb 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.26
  - CVE-2009-2950 GIF file parsing heap overflow (caolanm)
  - CVE-2009-2949 integer overflow in XPM processing (caolanm)
  - CVE-2009-3301 .doc Table Parsing vulnerability (caolanm)
  - CVE-2009-3302 .doc Table Parsing vulnerability (caolanm)
  - Resolves: rhbz#561778 openoffice.org-3.2.0.oooXXXXX.svx.safestyledelete.patch
  - Resolves: rhbz#561989 openoffice.org-3.2.0.ooo109009.sc.tooltipcrash.patch
  - Resolves: rhbz#445588 improve same name substitution
- Tue Feb 2 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.25
  - Resolves: rhbz#549890 add workspace.extmgr01.patch (dtardon)
  - Resolves: rhbz#551983 OpenOffice writer crashes when opening document with link in footnote (dtardon)
  - Resolves: rhbz#550316 Openoffice.org Impress loses graphics when background color is changed (dtardon)
  - Resolves: rhbz#554259 No autocorrect files for Lithuanian (dtardon)
  - Resolves: rhbz#553929 [abrt] crash in ColorConfigCtrl_Impl::ScrollHdl (dtardon)
  - Resolves: rhbz#549573 improve document compare (caolanm)
  - Resolves: rbhz#555257 openoffice cannot use JPEG images using CMYK colorspace (dtardon)
  - Resolves: rhbz#558342 [abrt] crash in SvxNumOptionsTabPage::InitControls (dtardon)
  - Resolves: ooo#108637/rhbz#558253 sfx2 uisavedir (caolanm)
  - Resolves: rhbz#560435 rtf dropcap crash (caolanm)
  - Resolves: rhbz#560996/rhbz#560353 qstartfixes (caolanm)
- Tue Dec 22 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.24
  - Resolves: rhbz#545824 bustage in writer with emboldened fonts
- Fri Dec 18 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.23
  - Resolves: rhbz#548512 workspace.ooo32gsl03.patch
- Tue Dec 15 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.22
  - Resolves: rhbz#529648 add workspace.fwk132.patch
  - Resolves: rhbz#547176 add openoffice.org-3.2.0.ooo47279.sd.objectsave.safe.patch
- Wed Dec 9 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.21
  - Resolves: rhbz#544124 add openoffice.org-3.2.0.ooo106502.svx.fixspelltimer.patch
  - Resolves: rhbz#544218 add openoffice.org-3.2.0.ooo107552.vcl.sft.patch
  - Resolves: rhbz#545783 add workspace.vcl105.patch
- Fri Nov 27 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.20
  - Resolves: rhbz#541222 add openoffice.org-3.2.0.ooo107260.dtrans.clipboard.shutdown.patch (caolanm)
- Mon Nov 23 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.19
  - Resolves: rhbz#540379/ooo#107131 impress tabledrag crash
  - Resolves: rhbz#540231 add openoffice.org-3.2.0.oooXXXXX.canvas.fixcolorspace.patch
  - add openoffice.org-4.2.0.ooo107151.sc.pop-empty-cell.patch (dtardon)
  - Resolves: rhbz#533538 OpenOffice keyboard shortcuts mis-map in the Spanish localized version of OOo (caolanm)
- Tue Nov 17 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.18
  - Resolves: ooo#59648 sw .doc export scaling (caolanm)
- Tue Nov 10 2009 Caolan McNamara <caolanm at redhat.com> - 1:3.1.1-19.17
  - Resolves: rhbz#533841 ooo#105710 svx loadstorenumbering (caolanm) [plus 8 lines in the Changelog]
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 47276
published: 2010-07-01
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/47276
title: Fedora 12 : openoffice.org-3.1.1-19.26.fc12 (2010-1847)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2010-0101.NASL
description:
Updated openoffice.org packages that correct multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program.
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way OpenOffice.org parsed XPM files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could lead to arbitrary code execution with the permissions of the user running OpenOffice.org. Note: This flaw affects embedded XPM files in OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)
An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parsed certain records in Microsoft Word documents. An attacker could create a specially crafted Microsoft Word document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)
A heap-based buffer overflow flaw, leading to memory corruption, was found in the way OpenOffice.org parsed GIF files. An attacker could create a specially crafted document, which once opened by a local, unsuspecting user, could cause OpenOffice.org to crash. Note: This flaw affects embedded GIF files in OpenOffice.org documents as well as stand-alone GIF files. (CVE-2009-2950)
All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44605
published: 2010-02-15
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/44605
title: RHEL 3 / 4 / 5 : openoffice.org (RHSA-2010:0101)

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_C97D7A37223311DF96DD001B2134EF46.NASL
description:
OpenOffice.org Security Team reports :
Fixed in OpenOffice.org 3.2
CVE-2006-4339: Potential vulnerability from 3rd party libxml2 libraries
CVE-2009-0217: Potential vulnerability from 3rd party libxmlsec libraries
CVE-2009-2493: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime
CVE-2009-2949: Potential vulnerability related to XPM file processing
CVE-2009-2950: Potential vulnerability related to GIF file processing
CVE-2009-3301/2: Potential vulnerability related to MS-Word document processing
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 44922
published: 2010-03-01
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc.
or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44922 title FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46)
Oval
accepted | 2013-04-29T04:02:42.148-04:00
class | vulnerability
contributors |
definition_extensions |
description | Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
family | unix
id | oval:org.mitre.oval:def:10176
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
version | 27
References
- http://www.debian.org/security/2010/dsa-1995
- http://www.securityfocus.com/bid/38218
- http://securitytracker.com/id?1023591
- http://www.openoffice.org/security/bulletin.html
- http://www.vupen.com/english/advisories/2010/0366
- http://www.openoffice.org/security/cves/CVE-2009-2949.html
- https://bugzilla.redhat.com/show_bug.cgi?id=527540
- http://secunia.com/advisories/38568
- http://www.redhat.com/support/errata/RHSA-2010-0101.html
- http://secunia.com/advisories/38567
- http://www.ubuntu.com/usn/USN-903-1
- http://secunia.com/advisories/38695
- http://www.vupen.com/english/advisories/2010/0635
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html
- http://secunia.com/advisories/38921
- http://www.vupen.com/english/advisories/2010/2905
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
- http://www.us-cert.gov/cas/techalerts/TA10-287A.html
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://secunia.com/advisories/60799
- http://secunia.com/advisories/41818
- http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56236
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10176