Vulnerabilities > CVE-2012-4233 - NULL Pointer Dereference Denial of Service vulnerability in LibreOffice and OpenOffice
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-868.NASL description LibreOffice was updated to 3.5.4.13 (3.5.6rc2 based), fixing a security issue and lots of bugs : - NULL pointer dereference (bnc#778669, CVE-2012-4233) - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix (bnc#734733) - update to suse-3.5.4.13 (SUSE 3.5 bugfix release 13, based on upstream 3.5.6-rc2) - polygon fill rule (bnc#759172) - open XML in Writer (bnc#777181) - undo in text objects (fdo#36138) - broken numbering level (bnc#760019) - better MathML detection (bnc#774921) - pictures in DOCX import (bnc#772094) - collapsing border painting (fdo#39415) - better DOCX text box export (fdo#45724) - hidden text in PPTX import (bnc#759180) - slide notes in PPTX import (bnc#768027) - RTL paragraphs in DOC import (fdo#43398) - better vertical text imports (bnc#744510) - HYPERLINK field in DOCX import (fdo#51034) - shadow color on partial redraw (bnc#773515) - floating objects in DOCX import (bnc#775899) - graphite2 hyphenation regression (fdo#49486) - missing shape position and size (bnc#760997) - page style attributes in ODF import (fdo#38056) - browsing in Template dialog crasher (fdo#46249) - wrong master slide shape being used (bnc#758565) - page borders regression in ODT import (fdo#38056) - invalidate bound rect after drag&drop (fdo#44534) - rotated shape margins in PPTX import (bnc#773048) - pasting into more than 1 sheet crasher (fdo#47311) - crashers in PPT/PPTX import (bnc#768027, bnc#774167 - missing footnote in DOCX/DOC/RTF export (fdo#46020) - checkbox no-label behaviour (fdo#51336, bnc#757602) - try somewhat harder to read w:position (bnc#773061) - FormatNumber can handle sal_uInt32 values (fdo#51793) - rectangle-paragraph tables in DOCX import (bnc#775899) - header and bullet in slideshow transition (bnc#759172) - default background color in DOC/DOCX export (fdo#45724) - font name / size attributes in DOCX import (bnc#774681) - zero rect. size causing wrong line positions (fdo#47434) - adjusted display of Bracket/BracePair in PPT (bnc#741480) - use Unicode functions for QuickStarter tooltip (fdo#52143) - TabRatio API and detect macro at group shape fixes (bnc#770708) - indented text in DOCX file does not wrap correctly (bnc#775906) - undocked toolbars do not show all icons in special ratio (fdo#47071) - cross-reference text when Caption order is Numbering first (fdo#50801) - bullet color same as following text by default (bnc#719988, bnc#734733) - misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772, fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966) - update to libvisio 0.0.19 : - file displays as blank page in Draw (fdo#50990) - use the vendor SUSE instead of Novell, Inc. - install-with-vendor-SUSE.diff: fix installation with the vendor last seen 2020-06-05 modified 2014-06-13 plugin id 74849 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74849 title openSUSE Security Update : libreoffice (openSUSE-SU-2012:1686-1) NASL family SuSE Local Security Checks NASL id SUSE_LIBREOFFICE-8286.NASL description LibreOffice was updated to SUSE 3.5 bugfix release 13 (based on upstream 3.5.6-rc2) which fixes a lot of bugs. The following bugs have been fixed : - polygon fill rule. (bnc#759172) - open XML in Writer. (bnc#777181) - undo in text objects (fdo#36138) - broken numbering level. (bnc#760019) - better MathML detection. (bnc#774921) - pictures in DOCX import. (bnc#772094) - collapsing border painting (fdo#39415) - better DOCX text box export (fdo#45724) - hidden text in PPTX import. (bnc#759180) - slide notes in PPTX import. (bnc#768027) - RTL paragraphs in DOC import (fdo#43398) - better vertical text imports. (bnc#744510) - HYPERLINK field in DOCX import (fdo#51034) - shadow color on partial redraw. (bnc#773515) - floating objects in DOCX import. (bnc#775899) - graphite2 hyphenation regression (fdo#49486) - missing shape position and size. (bnc#760997) - page style attributes in ODF import (fdo#38056) - browsing in Template dialog crasher (fdo#46249) - wrong master slide shape being used. (bnc#758565) - page borders regression in ODT import (fdo#38056) - invalidate bound rect after drag&drop (fdo#44534) - rotated shape margins in PPTX import. (bnc#773048) - pasting into more than 1 sheet crasher (fdo#47311) - crashers in PPT/PPTX import (bnc#768027, bnc#774167 - missing footnote in DOCX/DOC/RTF export (fdo#46020) - checkbox no-label behaviour (fdo#51336, bnc#757602) - try somewhat harder to read w:position. (bnc#773061) - FormatNumber can handle sal_uInt32 values (fdo#51793) - rectangle-paragraph tables in DOCX import. (bnc#775899) - header and bullet in slideshow transition. (bnc#759172) - default background color in DOC/DOCX export (fdo#45724) - font name / size attributes in DOCX import. (bnc#774681) - zero rect. size causing wrong line positions (fdo#47434) - adjusted display of Bracket/BracePair in PPT. (bnc#741480) - use Unicode functions for QuickStarter tooltip (fdo#52143) - TabRatio API and detect macro at group shape fixes. (bnc#770708) - indented text in DOCX file does not wrap correctly. (bnc#775906) - undocked toolbars do not show all icons in special ratio (fdo#47071) - cross-reference text when Caption order is Numbering first (fdo#50801) - bullet color same as following text by default. (bnc#719988, bnc#734733) - misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772, fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966) - libvisio was updated to 0.0.19: o file displays as blank page in Draw (fdo#50990) - Use the vendor SUSE instead of Novell, Inc. - Some NULL pointer dereferences were fixed. (CVE-2012-4233) Security Issue refernce : - CVE-2012-4233 last seen 2020-06-05 modified 2012-11-01 plugin id 62781 published 2012-11-01 reporter This script is Copyright (C) 2012-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62781 title SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8286) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2570.NASL description High-Tech Bridge SA Security Research Lab discovered multiple NULL pointer dereferences based vulnerabilities in OpenOffice.org which could cause application crash or even arbitrary code execution using specially crafted files. Affected file types are LWP (Lotus Word Pro), ODG, PPT (PowerPoint 2003) and XLS (Excel 2003). last seen 2020-03-17 modified 2012-11-01 plugin id 62778 published 2012-11-01 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/62778 title Debian DSA-2570-1 : openoffice.org - several vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_LIBREOFFICE_361.NASL description A version of LibreOffice prior to 3.5.7 / 3.6.1 is installed on the remote Mac OS X host. It is, therefore, reportedly affected by multiple denial of service vulnerabilities in various import filters: - Excel (.xls) - Windows Meta File (.wmf) - Open Document Format (.odg / .odt) This could allow a remote attacker with a specially crafted file to crash the application upon loading. Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number. last seen 2020-06-01 modified 2020-06-02 plugin id 73333 published 2014-04-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73333 title LibreOffice < 3.5.7 / 3.6.1 Multiple Denial of Service Vulnerabilities (Mac OS X) NASL family Windows NASL id LIBREOFFICE_361.NASL description A version of LibreOffice prior to 3.5.7 / 3.6.1 is installed on the remote Windows host. It is, therefore, reportedly affected by multiple denial of service vulnerabilities in various import filters: - Excel (.xls) - Windows Meta File (.wmf) - Open Document Format (.odg / .odt) This could allow a remote attacker with a specially crafted file to crash the application upon loading. Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number. last seen 2020-06-01 modified 2020-06-02 plugin id 73332 published 2014-04-04 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73332 title LibreOffice < 3.5.7 / 3.6.1 Multiple Denial of Service Vulnerabilities NASL family SuSE Local Security Checks NASL id OPENSUSE-2012-796.NASL description LibreOffice was updated to 3.5.4.13 to fix various bugs and security issues : - NULL pointer dereference (bnc#778669, CVE-2012-4233) - bullet-color-pptx-import.diff: bullets should have same color as following text by default; missing part of the fix (bnc#734733) - update to suse-3.5.4.13 (SUSE 3.5 bugfix release 13, based on upstream 3.5.6-rc2) - polygon fill rule (bnc#759172) - open XML in Writer (bnc#777181) - undo in text objects (fdo#36138) - broken numbering level (bnc#760019) - better MathML detection (bnc#774921) - pictures in DOCX import (bnc#772094) - collapsing border painting (fdo#39415) - better DOCX text box export (fdo#45724) - hidden text in PPTX import (bnc#759180) - slide notes in PPTX import (bnc#768027) - RTL paragraphs in DOC import (fdo#43398) - better vertical text imports (bnc#744510) - HYPERLINK field in DOCX import (fdo#51034) - shadow color on partial redraw (bnc#773515) - floating objects in DOCX import (bnc#775899) - graphite2 hyphenation regression (fdo#49486) - missing shape position and size (bnc#760997) - page style attributes in ODF import (fdo#38056) - browsing in Template dialog crasher (fdo#46249) - wrong master slide shape being used (bnc#758565) - page borders regression in ODT import (fdo#38056) - invalidate bound rect after drag&drop (fdo#44534) - rotated shape margins in PPTX import (bnc#773048) - pasting into more than 1 sheet crasher (fdo#47311) - crashers in PPT/PPTX import (bnc#768027, bnc#774167 - missing footnote in DOCX/DOC/RTF export (fdo#46020) - checkbox no-label behaviour (fdo#51336, bnc#757602) - try somewhat harder to read w:position (bnc#773061) - FormatNumber can handle sal_uInt32 values (fdo#51793) - rectangle-paragraph tables in DOCX import (bnc#775899) - header and bullet in slideshow transition (bnc#759172) - default background color in DOC/DOCX export (fdo#45724) - font name / size attributes in DOCX import (bnc#774681) - zero rect. size causing wrong line positions (fdo#47434) - adjusted display of Bracket/BracePair in PPT (bnc#741480) - use Unicode functions for QuickStarter tooltip (fdo#52143) - TabRatio API and detect macro at group shape fixes (bnc#770708) - indented text in DOCX file does not wrap correctly (bnc#775906) - undocked toolbars do not show all icons in special ratio (fdo#47071) - cross-reference text when Caption order is Numbering first (fdo#50801) - bullet color same as following text by default (bnc#719988, bnc#734733) - misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772, fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966) - update to libvisio 0.0.19 : - file displays as blank page in Draw (fdo#50990) - use the vendor SUSE instead of Novell, Inc. - install-with-vendor-SUSE.diff: fix installation with the vendor last seen 2020-06-05 modified 2014-06-13 plugin id 74815 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74815 title openSUSE Security Update : LibreOffice (openSUSE-SU-2012:1523-1) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBREOFFICE-356-120910.NASL description LibreOffice was updated to SUSE 3.5 bugfix release 13 (based on upstream 3.5.6-rc2) which fixes a lot of bugs. The following bugs have been fixed : - polygon fill rule. (bnc#759172) - open XML in Writer. (bnc#777181) - undo in text objects (fdo#36138) - broken numbering level. (bnc#760019) - better MathML detection. (bnc#774921) - pictures in DOCX import. (bnc#772094) - collapsing border painting (fdo#39415) - better DOCX text box export (fdo#45724) - hidden text in PPTX import. (bnc#759180) - slide notes in PPTX import. (bnc#768027) - RTL paragraphs in DOC import (fdo#43398) - better vertical text imports. (bnc#744510) - HYPERLINK field in DOCX import (fdo#51034) - shadow color on partial redraw. (bnc#773515) - floating objects in DOCX import. (bnc#775899) - graphite2 hyphenation regression (fdo#49486) - missing shape position and size. (bnc#760997) - page style attributes in ODF import (fdo#38056) - browsing in Template dialog crasher (fdo#46249) - wrong master slide shape being used. (bnc#758565) - page borders regression in ODT import (fdo#38056) - invalidate bound rect after drag&drop (fdo#44534) - rotated shape margins in PPTX import. (bnc#773048) - pasting into more than 1 sheet crasher (fdo#47311) - crashers in PPT/PPTX import (bnc#768027,. (bnc#774167) - missing footnote in DOCX/DOC/RTF export (fdo#46020) - checkbox no-label behaviour (fdo#51336, bnc#757602) - try somewhat harder to read w:position. (bnc#773061) - FormatNumber can handle sal_uInt32 values (fdo#51793) - rectangle-paragraph tables in DOCX import. (bnc#775899) - header and bullet in slideshow transition. (bnc#759172) - default background color in DOC/DOCX export (fdo#45724) - font name / size attributes in DOCX import. (bnc#774681) - zero rect. size causing wrong line positions (fdo#47434) - adjusted display of Bracket/BracePair in PPT. (bnc#741480) - use Unicode functions for QuickStarter tooltip (fdo#52143) - TabRatio API and detect macro at group shape fixes. (bnc#770708) - indented text in DOCX file does not wrap correctly. (bnc#775906) - undocked toolbars do not show all icons in special ratio (fdo#47071) - cross-reference text when Caption order is Numbering first (fdo#50801) - bullet color same as following text by default. (bnc#719988, bnc#734733) - misc RTF import fixes (rhbz#819304, fdo#49666, bnc#774681, fdo#51772, fdo#48033, fdo#52066, fdo#48335, fdo#48446, fdo#49892, fdo#46966) - libvisio was updated to 0.0.19 : - file displays as blank page in Draw (fdo#50990) - Use the vendor SUSE instead of Novell, Inc. - Some NULL pointer dereferences were fixed. (CVE-2012-4233) last seen 2020-06-05 modified 2013-01-25 plugin id 64193 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/64193 title SuSE 11.2 Security Update : LibreOffice (SAT Patch Number 6804)
References
- http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b
- http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69
- http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97
- http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7
- http://lists.opensuse.org/opensuse-updates/2012-11/msg00039.html
- http://lists.opensuse.org/opensuse-updates/2012-12/msg00075.html
- http://www.debian.org/security/2012/dsa-2570
- http://www.libreoffice.org/advisories/cve-2012-4233/
- http://www.openwall.com/lists/oss-security/2012/11/02/2
- http://www.securityfocus.com/bid/56352
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79728
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79730
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79731
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79732
- https://www.htbridge.com/advisory/HTB23106