Vulnerabilities > CVE-2010-2935 - Numeric Errors vulnerability in Openoffice Openoffice.Org 3.2.1
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2099. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Listing metadata shown with this plugin on the page:
#   NASL family : Debian Local Security Checks
#   NASL id     : DEBIAN_DSA-2099.NASL
#   plugin id   : 48928
#   title       : Debian DSA-2099-1 : openoffice.org - buffer overflows
#   published   : 2010-08-31 (last seen 2020-06-01, modified 2020-06-02)
#   reporter    : This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
#   source      : https://www.tenable.com/plugins/nessus/48928
#   description : Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress,
#                 which can be exploited by malicious people to compromise a user
#                 (the listing text is cut off here; the full text is the "description" attribute below)
#
# What the check does: it compares the package versions recorded for a Debian 5.0
# (lenny) host against the fixed versions from DSA-2099 (script_summary: "Checks dpkg
# output for the updated package"). It is a package-version comparison only; it does
# not exercise the Impress parser, and every deb_check call is limited to release "5.0".
#

include("compat.inc");

# Registration phase: declare identifiers, references and scoring, then stop.
if (description)
{
  script_id(48928);
  script_version("1.12");
  script_cvs_date("Date: 2019/08/02 13:32:22");

  script_cve_id("CVE-2010-2935", "CVE-2010-2936");
  script_bugtraq_id(42202);
  script_xref(name:"DSA", value:"2099");

  script_name(english:"Debian DSA-2099-1 : openoffice.org - buffer overflows");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system and execute arbitrary code. - An integer truncation error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file. - A short integer overflow error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-2099"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade the openoffice.org packages. For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny8."
  );

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openoffice.org");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Preconditions: without local checks, a Debian release string and a package list
# there is nothing to compare, so the plugin audits out instead of reporting "clean".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Packages are checked in exactly this order (the order of the original call sequence).
packages = make_list(
  "broffice.org",
  "cli-uno-bridge",
  "libmythes-dev",
  "libuno-cli-basetypes1.0-cil",
  "libuno-cli-cppuhelper1.0-cil",
  "libuno-cli-types1.1-cil",
  "libuno-cli-ure1.0-cil",
  "mozilla-openoffice.org",
  "openoffice.org",
  "openoffice.org-base",
  "openoffice.org-base-core",
  "openoffice.org-calc",
  "openoffice.org-common",
  "openoffice.org-core",
  "openoffice.org-dbg",
  "openoffice.org-dev",
  "openoffice.org-dev-doc",
  "openoffice.org-draw",
  "openoffice.org-dtd-officedocument1.0",
  "openoffice.org-emailmerge",
  "openoffice.org-evolution",
  "openoffice.org-filter-binfilter",
  "openoffice.org-filter-mobiledev",
  "openoffice.org-gcj",
  "openoffice.org-gnome",
  "openoffice.org-gtk",
  "openoffice.org-headless",
  "openoffice.org-help-cs",
  "openoffice.org-help-da",
  "openoffice.org-help-de",
  "openoffice.org-help-dz",
  "openoffice.org-help-en-gb",
  "openoffice.org-help-en-us",
  "openoffice.org-help-es",
  "openoffice.org-help-et",
  "openoffice.org-help-eu",
  "openoffice.org-help-fr",
  "openoffice.org-help-gl",
  "openoffice.org-help-hi-in",
  "openoffice.org-help-hu",
  "openoffice.org-help-it",
  "openoffice.org-help-ja",
  "openoffice.org-help-km",
  "openoffice.org-help-ko",
  "openoffice.org-help-nl",
  "openoffice.org-help-pl",
  "openoffice.org-help-pt",
  "openoffice.org-help-pt-br",
  "openoffice.org-help-ru",
  "openoffice.org-help-sl",
  "openoffice.org-help-sv",
  "openoffice.org-help-zh-cn",
  "openoffice.org-help-zh-tw",
  "openoffice.org-impress",
  "openoffice.org-java-common",
  "openoffice.org-kde",
  "openoffice.org-l10n-af",
  "openoffice.org-l10n-ar",
  "openoffice.org-l10n-as-in",
  "openoffice.org-l10n-be-by",
  "openoffice.org-l10n-bg",
  "openoffice.org-l10n-bn",
  "openoffice.org-l10n-br",
  "openoffice.org-l10n-bs",
  "openoffice.org-l10n-ca",
  "openoffice.org-l10n-cs",
  "openoffice.org-l10n-cy",
  "openoffice.org-l10n-da",
  "openoffice.org-l10n-de",
  "openoffice.org-l10n-dz",
  "openoffice.org-l10n-el",
  "openoffice.org-l10n-en-gb",
  "openoffice.org-l10n-en-za",
  "openoffice.org-l10n-eo",
  "openoffice.org-l10n-es",
  "openoffice.org-l10n-et",
  "openoffice.org-l10n-eu",
  "openoffice.org-l10n-fa",
  "openoffice.org-l10n-fi",
  "openoffice.org-l10n-fr",
  "openoffice.org-l10n-ga",
  "openoffice.org-l10n-gl",
  "openoffice.org-l10n-gu-in",
  "openoffice.org-l10n-he",
  "openoffice.org-l10n-hi-in",
  "openoffice.org-l10n-hr",
  "openoffice.org-l10n-hu",
  "openoffice.org-l10n-in",
  "openoffice.org-l10n-it",
  "openoffice.org-l10n-ja",
  "openoffice.org-l10n-ka",
  "openoffice.org-l10n-km",
  "openoffice.org-l10n-ko",
  "openoffice.org-l10n-ku",
  "openoffice.org-l10n-lo",
  "openoffice.org-l10n-lt",
  "openoffice.org-l10n-lv",
  "openoffice.org-l10n-mk",
  "openoffice.org-l10n-ml-in",
  "openoffice.org-l10n-mr-in",
  "openoffice.org-l10n-nb",
  "openoffice.org-l10n-ne",
  "openoffice.org-l10n-nl",
  "openoffice.org-l10n-nn",
  "openoffice.org-l10n-nr",
  "openoffice.org-l10n-ns",
  "openoffice.org-l10n-or-in",
  "openoffice.org-l10n-pa-in",
  "openoffice.org-l10n-pl",
  "openoffice.org-l10n-pt",
  "openoffice.org-l10n-pt-br",
  "openoffice.org-l10n-ro",
  "openoffice.org-l10n-ru",
  "openoffice.org-l10n-rw",
  "openoffice.org-l10n-sk",
  "openoffice.org-l10n-sl",
  "openoffice.org-l10n-sr",
  "openoffice.org-l10n-sr-cs",
  "openoffice.org-l10n-ss",
  "openoffice.org-l10n-st",
  "openoffice.org-l10n-sv",
  "openoffice.org-l10n-ta-in",
  "openoffice.org-l10n-te-in",
  "openoffice.org-l10n-tg",
  "openoffice.org-l10n-th",
  "openoffice.org-l10n-tn",
  "openoffice.org-l10n-tr",
  "openoffice.org-l10n-ts",
  "openoffice.org-l10n-uk",
  "openoffice.org-l10n-uz",
  "openoffice.org-l10n-ve",
  "openoffice.org-l10n-vi",
  "openoffice.org-l10n-xh",
  "openoffice.org-l10n-za",
  "openoffice.org-l10n-zh-cn",
  "openoffice.org-l10n-zh-tw",
  "openoffice.org-l10n-zu",
  "openoffice.org-math",
  "openoffice.org-officebean",
  "openoffice.org-ogltrans",
  "openoffice.org-presentation-minimizer",
  "openoffice.org-qa-api-tests",
  "openoffice.org-qa-tools",
  "openoffice.org-report-builder",
  "openoffice.org-report-builder-bin",
  "openoffice.org-sdbc-postgresql",
  "openoffice.org-style-andromeda",
  "openoffice.org-style-crystal",
  "openoffice.org-style-hicontrast",
  "openoffice.org-style-industrial",
  "openoffice.org-style-tango",
  "openoffice.org-writer",
  "python-uno",
  "ttf-opensymbol",
  "ure",
  "ure-dbg"
);

# Packages whose fixed version string differs from the common one.
special_reference = make_array(
  "libuno-cli-basetypes1.0-cil",           "1.0.10.0+OOo2.4.1+dfsg-1+lenny8",
  "libuno-cli-cppuhelper1.0-cil",          "1.0.13.0+OOo2.4.1+dfsg-1+lenny8",
  "libuno-cli-types1.1-cil",               "1.1.13.0+OOo2.4.1+dfsg-1+lenny8",
  "libuno-cli-ure1.0-cil",                 "1.0.13.0+OOo2.4.1+dfsg-1+lenny8",
  "openoffice.org-presentation-minimizer", "1.0+OOo2.4.1+dfsg-1+lenny8",
  "openoffice.org-report-builder",         "1.0.2+OOo2.4.1+dfsg-1+lenny8",
  "openoffice.org-sdbc-postgresql",        "0.7.6+OOo2.4.1+dfsg-1+lenny8",
  "ure",                                   "1.4+OOo2.4.1+dfsg-1+lenny8",
  "ure-dbg",                               "1.4+OOo2.4.1+dfsg-1+lenny8"
);

# flag counts the packages for which deb_check() returns true.
# NOTE(review): deb_check() comes from debian_package.inc and is not shown here;
# presumably it is true when the installed version is older than `reference` - confirm.
flag = 0;
foreach pkg (packages)
{
  fixed = special_reference[pkg];
  if (isnull(fixed)) fixed = "2.4.1+dfsg-1+lenny8";

  if (deb_check(release:"5.0", prefix:pkg, reference:fixed)) flag++;
}

# No hit: audit() ends the plugin with a "not affected" result.
if (!flag) audit(AUDIT_HOST_NOT, "affected");

# At least one hit: report, attaching the per-package detail when verbosity allows.
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
#
# (C) Tenable Network Security, Inc.
#
# Listing metadata shown with this plugin on the page:
#   NASL family : Windows
#   NASL id     : OPENOFFICE_33.NASL
#   plugin id   : 51773
#   title       : Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities
#   published   : 2011-01-27 (last seen 2020-06-01, modified 2020-06-02)
#   reporter    : This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
#   source      : https://www.tenable.com/plugins/nessus/51773
#   description : identical to the "description" attribute set below
#
# What the check does: it reads the OpenOffice.org build string from the scan
# knowledge base and reports the host when the numeric build is below 9567.
# The decision rests on that build number alone; no document is parsed.
# NOTE(review): 9567 is presumably the build number of release 3.3 - confirm.
# NOTE(review): this plugin sets exploit_available "false" (temporal E:U), while the
# Debian DSA-2099 plugin listed on the same page for CVE-2010-2935 / CVE-2010-2936
# sets "true" (E:POC); confirm which value applies before using it for prioritisation.
#

include("compat.inc");

# Registration phase: declare identifiers, references and scoring, then stop.
if (description)
{
  script_id(51773);
  script_version("1.19");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id(
    "CVE-2010-2935",
    "CVE-2010-2936",
    "CVE-2010-3450",
    "CVE-2010-3451",
    "CVE-2010-3452",
    "CVE-2010-3453",
    "CVE-2010-3454",
    "CVE-2010-3702",
    "CVE-2010-3704",
    "CVE-2010-4008",
    "CVE-2010-4253",
    "CVE-2010-4494",
    "CVE-2010-4643"
  );
  script_bugtraq_id(42202, 44779, 45617, 46031);
  script_xref(name:"Secunia", value:"40775");

  script_name(english:"Oracle OpenOffice.org < 3.3 Multiple Vulnerabilities");
  script_summary(english:"Checks the version of OpenOffice.org.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Windows host has a program affected by multiple vulnerabilities."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The version of Oracle OpenOffice.org installed on the remote host is prior to 3.3. It is, therefore, affected by several issues : - Issues exist relating to PowerPoint document processing that may lead to arbitrary code execution. (CVE-2010-2935, CVE-2010-2936) - A directory traversal vulnerability exists in zip / jar package extraction. (CVE-2010-3450) - Issues exist relating to RTF document processing that may lead to arbitrary code execution. (CVE-2010-3451, CVE-2010-3452) - Issues exist relating to Word document processing that may lead to arbitrary code execution. (CVE-2010-3453, CVE-2010-3454) - Issues exist in the third-party XPDF library relating to PDF document processing that may allow arbitrary code execution. (CVE-2010-3702, CVE-2010-3704) - OpenOffice.org includes a version of LIBXML2 that is affected by multiple vulnerabilities. (CVE-2010-4008, CVE-2010-4494) - An issue exists with PNG file processing that may allow arbitrary code execution. (CVE-2010-4253) - An issue exists with TGA file processing that may allow arbitrary code execution. (CVE-2010-4643)");

  script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2011/Jan/487");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3450.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4253.html");
  script_set_attribute(attribute:"see_also", value:"http://www.openoffice.org/security/cves/CVE-2010-4643.html");
  script_set_attribute(attribute:"solution", value:"Upgrade to Oracle OpenOffice.org version 3.3 or later.");

  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vuln_publication_date",value:"2011/01/26");
  script_set_attribute(attribute:"patch_publication_date",value:"2011/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/27");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:openoffice.org");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");
  script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.");

  script_dependencies("openoffice_installed.nasl");
  script_require_keys("SMB/OpenOffice/Build");

  exit(0);
}

# The build string is read from the knowledge base; this script does not query the host itself.
build = get_kb_item("SMB/OpenOffice/Build");
if (!build) exit(1, "The 'SMB/OpenOffice/Build' KB item is missing.");

# Expected shape: <digits><letter><digits>(Build:<digits>). A string that does not
# match ends the plugin with an error (exit code 1), not with a "not affected" result.
parts = eregmatch(string:build, pattern:"([0-9]+[a-z][0-9]+)\(Build:([0-9]+)\)");
if (isnull(parts)) exit(1, "Failed to extract the build number from '"+build+"'.");

build_number = int(parts[2]);
if (build_number >= 9567) exit(0,"Build " + build_number + " is not affected.");

# Build below the threshold: report on the port recorded in the SMB/transport KB item.
security_hole(get_kb_item("SMB/transport"));
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2010-0643.NASL description Updated openoffice.org packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer truncation error, leading to a heap-based buffer overflow, was found in the way the OpenOffice.org Impress presentation application sanitized a file last seen 2020-06-01 modified 2020-06-02 plugin id 48742 published 2010-08-26 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48742 title CentOS 3 / 4 : openoffice.org (CESA-2010:0643) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201408-19.NASL description The remote host is affected by the vulnerability described in GLSA-201408-19 (OpenOffice, LibreOffice: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. Workaround : There is no known workaround at this time. 
last seen 2020-06-01 modified 2020-06-02 plugin id 77467 published 2014-09-01 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/77467 title GLSA-201408-19 : OpenOffice, LibreOffice: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2011-0837.NASL description - Thu Jan 27 2011 Caolan McNamara <caolanm at redhat.com>- 1:3.2.0-12.35 - CVE-2010-3450 Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452 RTF documents - CVE-2010-3453 / CVE-2010-3454 Word documents - CVE-2010-3689 LD_LIBRARY_PATH usage - CVE-2010-4253 PNG graphics - CVE-2010-4643 TGA graphics - Resolves: rhbz#648475 Crash in scanner dialog - Resolves: rhbz#657628 divide-by-zero - Resolves: rhbz#657718 Crash in SwObjectFormatterTxtFrm - Resolves: rhbz#660312 SDK setup script creates invalid variables (dtardon) - Resolves: rhbz#663780 extend neon mutex locking - Resoves: rhbz#577525 [abrt] crash in ImplRegionBase::~ImplRegionBase (dtardon) - Tue Oct 26 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.34 - Resolves: rhbz#636521 crash in undo in sc - Resolves: rhbz#641637 [abrt] [presentation-minimizer] crash in OptimizationStats::GetStatusValue (dtardon) - make LD_PRELOAD of libsalalloc_malloc.so work again (dtardon) - Resolves: rhbz#642996 [abrt] CffSubsetterContext::readDictOp (dtardon) - Fri Oct 15 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.33 - Resolves: rhbz#637838 Cropped pictures are displayed in entirety in handouts (dtardon) - Tue Oct 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.32 - Resolves: rhbz#568277 workaround to avoid the crash (dtardon) - Resolves: rhbz#631543 [abrt] crash on dereferencing dangling pointer passed down from SwCalc::Str2Double (dtardon) - Resolves: rhbz#631823 Line and Filling toolbar glitch on theme change (caolanm) - Resolves: rhbz#637738 threading problems with using libgcrypt via neon when 
libgcrypt which was initialized by cups to be non-thread safe (caolanm) - Resolves: rhbz#632326 [abrt] [docx] _Construct<long, long> crash (dtardon) - Fri Aug 13 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.31 - Resolves: rhbz#623800 gnome-shell/mutter focus problems - Thu Aug 12 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.30 - Resolves: rhbz#623609 CVE-2010-2935 CVE-2010-2936 - Mon Aug 9 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.29 - Resolves: rhbz#601621 avoid using mmap for copying files - Sun Aug 8 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.28 - Resolves: rhbz#621248 32bit events in forms on 64bit - Resolves rhbz#618047 Brackets incorrectly render in presentations (dtardon) - Wed Aug 4 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.27 - Resolves: rhbz#608114 cppu-lifecycle issues (caolanm) - Resolves: rhbz#566831 [abrt] crash in GetFrmSize (dtardon) - Resolves: rhbz#613278 [abrt] crash in SANE shutdown (caolanm) - Resolves: rhbz#620390 [abrt] crash in SfxViewFrame::GetFrame (dtardon) - Mon Jun 21 2010 Caolan McNamara <caolanm at redhat.com> - 1:3.2.0-12.26 [plus 34 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 52004 published 2011-02-17 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/52004 title Fedora 13 : openoffice.org-3.2.0-12.35.fc13 (2011-0837) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1056-1.NASL description Charlie Miller discovered several heap overflows in PPT processing. 
If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936) Marc Schoenefeld discovered that directory traversal was not correctly handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could overwrite arbitrary files, possibly leading to arbitrary code execution with user privileges. (CVE-2010-3450) Dan Rosenberg discovered multiple heap overflows in RTF and DOC processing. If a user or automated system were tricked into opening a specially crafted RTF or DOC document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454) Dmitri Gribenko discovered that OpenOffice.org did not correctly handle LD_LIBRARY_PATH in various tools. If a local attacker tricked a user or automated system into using OpenOffice.org from an attacker-controlled directory, they could execute arbitrary code with user privileges. (CVE-2010-3689) Marc Schoenefeld discovered that OpenOffice.org did not correctly process PNG images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4253) It was discovered that OpenOffice.org did not correctly process TGA images. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges. (CVE-2010-4643). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. 
last seen 2020-06-01 modified 2020-06-02 plugin id 51858 published 2011-02-03 reporter Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51858 title Ubuntu 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : openoffice.org vulnerabilities (USN-1056-1) NASL family SuSE Local Security Checks NASL id SUSE_11_2_OPENOFFICE_ORG-110330.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is a continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. - fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPDF (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - maintenance update (bnc#667421, MaintenanceTracker-38738) - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to 
SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don last seen 2020-06-01 modified 2020-06-02 plugin id 53784 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53784 title openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0337-1) NASL family SuSE Local Security Checks NASL id SUSE_11_3_OPENOFFICE_ORG-DRAW-100906.NASL description Specially crafted ppt files could cause a heap based buffer overflow in OpenOffice_org Impress. Attackers could exploit that to crash OpenOffice_org or potentially even execute arbitrary code (CVE-2010-2935, CVE-2010-2936). last seen 2020-06-01 modified 2020-06-02 plugin id 75688 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75688 title openSUSE Security Update : OpenOffice_org-draw (openSUSE-SU-2010:0732-1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2010-0643.NASL description From Red Hat Security Advisory 2010:0643 : Updated openoffice.org packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having important security impact. 
Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer truncation error, leading to a heap-based buffer overflow, was found in the way the OpenOffice.org Impress presentation application sanitized a file last seen 2020-06-01 modified 2020-06-02 plugin id 68087 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68087 title Oracle Linux 3 / 4 : openoffice.org (ELSA-2010-0643) NASL family Scientific Linux Local Security Checks NASL id SL_20100823_OPENOFFICE_ORG_ON_SL3_X.NASL description An integer truncation error, leading to a heap-based buffer overflow, was found in the way the OpenOffice.org Impress presentation application sanitized a file last seen 2020-06-01 modified 2020-06-02 plugin id 60840 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60840 title Scientific Linux Security Update : openoffice.org on SL3.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_3_OPENOFFICE_ORG-110330.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. 
- fixed security bugs : - PowerPoint document processing (CVE-2010-2935, CVE-2010-2936) - extensions and filter package files (CVE-2010-3450) - RTF document processing (CVE-2010-3451, CVE-2010-3452) - Word document processing (CVE-2010-3453, CVE-2010-3454) - insecure LD_LIBRARY_PATH usage (CVE-2010-3689) - PDF Import extension resulting from 3rd party library XPDF (CVE-2010-3702, CVE-2010-3704) - PNG file processing (CVE-2010-4253) - TGA file processing (CVE-2010-4643) - most important changes : - add conflicts to force migration to libreoffice - obsolete Quickstarter - enabled KDE3 support (bnc#678998) - libreoffice-3.3.1.2 == 3.3.1-rc2 == final - fixed audio/video playback in presentation (deb#612940, bnc#651250) - fixed non-working input methods in KDE4 (bnc#665112) - fixed occasional blank first slide (fdo#34533) - fixed cairo canvas edge count calculation (bnc#647959) - updated to libreoffice-3.3.1.2 (3.3.1-rc2) : - l10n - updated some translations - libs-core - crashing oosplash and malformed picture (bnc#652562) - Byref and declare Basic statement (fdo#33964, i#115716) - fixed BorderLine(2) conversion to SvxBorderLine (fdo#34226) - libs-gui - getEnglishSearchFontName() searches Takao fonts - sdk - fix ODK settings.mk to only set STLPORTLIB if needed - writer - rtfExport::HackIsWW8OrHigher(): return true (fdo#33478) - visual editor destroys formulas containing symbols (fdo#32759, fdo#32755) - enabled KDE4 support for SLED11; LO-3.3.1 fixed the remaining annoying bugs - fixed EMF+ import (bnc#650049) - updated to libreoffice-3.3.1.1 (3.3.1-rc1) : - artwork - new MIME type icons for LibreOffice - bootstrap - wrong line break with ( (fdo#31271) - build - default formula string (n#664516) - don last seen 2020-06-01 modified 2020-06-02 plugin id 75687 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/75687 title openSUSE Security Update : OpenOffice_org (openSUSE-SU-2011:0336-1) NASL family Scientific Linux Local Security Checks NASL id SL_20100823_OPENOFFICE_ORG2_ON_SL4_X.NASL description An integer truncation error, leading to a heap-based buffer overflow, was found in the way the OpenOffice.org Impress presentation application sanitized a file last seen 2020-06-01 modified 2020-06-02 plugin id 60839 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60839 title Scientific Linux Security Update : openoffice.org2 on SL4.x i386/x86_64 NASL family Scientific Linux Local Security Checks NASL id SL_20100823_OPENOFFICE_ORG_ON_SL4_X.NASL description An integer truncation error, leading to a heap-based buffer overflow, was found in the way the OpenOffice.org Impress presentation application sanitized a file last seen 2020-06-01 modified 2020-06-02 plugin id 60841 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60841 title Scientific Linux Security Update : openoffice.org on SL4.x i386/x86_64 NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-221.NASL description Multiple vulnerabilities was discovered and corrected in the OpenOffice.org : Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow (CVE-2009-2949). Heap-based buffer overflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression (CVE-2009-2950). 
Integer underflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document (CVE-2009-3301). Boundary error flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document (CVE-2009-3302). Lack of properly enforcing Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document (CVE-2010-0136). User-assisted remote attackers are able to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed (CVE-2010-0395). Impress module does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an integer truncation error (CVE-2010-2935). Integer overflow in the Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow (CVE-2010-2936). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 This update provides OpenOffice.org packages that have been patched to correct these issues and additional dependent packages. last seen 2020-06-01 modified 2020-06-02 plugin id 50503 published 2010-11-07 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/50503 title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:221) NASL family SuSE Local Security Checks NASL id SUSE_11_1_OPENOFFICE_ORG-DRAW-100906.NASL description Specially crafted ppt files could cause a heap based buffer overflow in OpenOffice_org Impress. Attackers could exploit that to crash OpenOffice_org or potentially even execute arbitrary code (CVE-2010-2935, CVE-2010-2936). last seen 2020-06-01 modified 2020-06-02 plugin id 50012 published 2010-10-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50012 title openSUSE Security Update : OpenOffice_org-draw (openSUSE-SU-2010:0732-1) NASL family SuSE Local Security Checks NASL id SUSE_11_2_OPENOFFICE_ORG-DRAW-100906.NASL description Specially crafted ppt files could cause a heap based buffer overflow in OpenOffice_org Impress. Attackers could exploit that to crash OpenOffice_org or potentially even execute arbitrary code (CVE-2010-2935, CVE-2010-2936). last seen 2020-06-01 modified 2020-06-02 plugin id 50018 published 2010-10-18 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/50018 title openSUSE Security Update : OpenOffice_org-draw (openSUSE-SU-2010:0732-1) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBREOFFICE331-110318.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. The previous OpenOffice_org packages are also renamed to libreoffice. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. 
List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier last seen 2020-06-01 modified 2020-06-02 plugin id 52735 published 2011-03-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52735 title SuSE 11.1 Security Update : Libreoffice (SAT Patch Number 4082) NASL family SuSE Local Security Checks NASL id SUSE_LIBREOFFICE331-7365.NASL description Maintenance update to LibreOffice-3.3.1. It adds some interesting features, fixes many bugs, including several security vulnerabilities. LibreOffice is continuation of the OpenOffice.org project. This update replaces the OpenOffice.org installation, including helper packages, e.g. dictionaries, templates. The new stuff is backward compatible. List of LibreOffice-3.3 features : General - online help - common search toolbar - new easier last seen 2020-06-01 modified 2020-06-02 plugin id 52738 published 2011-03-21 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/52738 title SuSE 10 Security Update : Libreoffice (ZYPP Patch Number 7365) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2010-0643.NASL description Updated openoffice.org packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. 
An integer truncation error, leading to a heap-based buffer overflow, was found in the way the OpenOffice.org Impress presentation application sanitized a file last seen 2020-06-01 modified 2020-06-02 plugin id 48423 published 2010-08-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48423 title RHEL 3 / 4 : openoffice.org (RHSA-2010:0643) NASL family SuSE Local Security Checks NASL id SUSE_OPENOFFICE_ORG-7148.NASL description Specially crafted ppt files could cause a heap-based buffer overflow in OpenOffice_org Impress. Attackers could exploit that to crash OpenOffice_org or potentially even execute arbitrary code. (CVE-2010-2935 / CVE-2010-2936) This update also fixes numerous non-security bugs. Please refer to the package changelog for details. last seen 2020-06-01 modified 2020-06-02 plugin id 51687 published 2011-01-27 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51687 title SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 7148) NASL family SuSE Local Security Checks NASL id SUSE_11_OPENOFFICE_ORG-100907.NASL description Specially crafted ppt files could cause a heap-based buffer overflow in OpenOffice_org Impress. Attackers could exploit that to crash OpenOffice_org or potentially even execute arbitrary code. (CVE-2010-2935 / CVE-2010-2936) This update also fixes numerous non-security bugs. Please refer to the package changelog for details. last seen 2020-06-01 modified 2020-06-02 plugin id 50878 published 2010-12-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. 
source https://www.tenable.com/plugins/nessus/50878 title SuSE 11 / 11.1 Security Update : OpenOffice_org (SAT Patch Numbers 3087 / 3089) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F2B43905354511E08E810022190034C0.NASL description OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.3 - CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing - CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files - CVE-2010-3451 / CVE-2010-3452: Security Vulnerability in OpenOffice.org related to RTF document processing - CVE-2010-3453 / CVE-2010-3454: Security Vulnerability in OpenOffice.org related to Word document processing - CVE-2010-3689: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts - CVE-2010-3702 / CVE-2010-3704: Security Vulnerability in OpenOffice.org last seen 2020-06-01 modified 2020-06-02 plugin id 51966 published 2011-02-14 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/51966 title FreeBSD : openoffice.org -- Multiple vulnerabilities (f2b43905-3545-11e0-8e81-0022190034c0)
Oval
accepted | 2011-08-15T04:00:04.921-04:00 |
class | vulnerability |
contributors | |
definition_extensions | |
description | simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." |
family | windows |
id | oval:org.mitre.oval:def:12063 |
status | accepted |
submitted | 2010-09-08T12:12:46 |
title | Integer truncation error in OpenOffice.org version 3.2.1 |
version | 10 |
Redhat
advisories |
| ||||
rpms |
|
References
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
- http://secunia.com/advisories/40775
- http://secunia.com/advisories/41052
- http://secunia.com/advisories/41235
- http://secunia.com/advisories/42927
- http://secunia.com/advisories/43105
- http://secunia.com/advisories/60799
- http://securityevaluators.com/files/papers/CrashAnalysis.pdf
- http://ubuntu.com/usn/usn-1056-1
- http://www.debian.org/security/2010/dsa-2099
- http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
- http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
- http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
- http://www.openwall.com/lists/oss-security/2010/08/11/1
- http://www.openwall.com/lists/oss-security/2010/08/11/4
- http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
- http://www.redhat.com/support/errata/RHSA-2010-0643.html
- http://www.securitytracker.com/id?1024352
- http://www.securitytracker.com/id?1024976
- http://www.vupen.com/english/advisories/2010/2003
- http://www.vupen.com/english/advisories/2010/2149
- http://www.vupen.com/english/advisories/2010/2228
- http://www.vupen.com/english/advisories/2010/2905
- http://www.vupen.com/english/advisories/2011/0150
- http://www.vupen.com/english/advisories/2011/0230
- http://www.vupen.com/english/advisories/2011/0279
- https://bugzilla.redhat.com/show_bug.cgi?id=622529
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063