Vulnerabilities > Openoffice > Openoffice
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-30 | CVE-2006-2199 | Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. | 7.6 |
2006-06-30 | CVE-2006-2198 | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | 7.6 |
2005-12-31 | CVE-2005-4636 | Local Security vulnerability in Openoffice OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. | 4.6 |
2005-05-02 | CVE-2005-0941 | Remote Heap Overflow vulnerability in OpenOffice Malformed Document The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. | 5.1 |
2004-10-20 | CVE-2004-0752 | Local File Disclosure vulnerability in Openoffice 1.1.2 OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. | 2.1 |
2004-07-07 | CVE-2004-0398 | Heap Overflow vulnerability in Neon WebDAV Client Library ne_rfc1036_parse Function Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client. | 7.5 |
2004-06-01 | CVE-2004-0179 | Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. | 5.1 |
2002-12-31 | CVE-2002-2210 | Symbolic Link vulnerability in Openoffice 1.0.1 The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file. | 6.2 |