CVE-2012-2149 – libwpd: Memory overwrite flaw by processing certain WordPerfect (WPD) documents
https://notcve.org/view.php?id=CVE-2012-2149
The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow. La función WPXContentListener::_closeTableRow en WPXContentListener.cpp en libwpd v0.8.8, tal y como es usado por OpenOffice.org (OOo) antes de v3.4, permite a atacantes remotos ejecutar código de su elección a través de un documento WordPerfect .WPD debidamente modificado, que provoca que se use un índice de matriz negativa. NOTA: algunas fuentes informan de este tema como un desbordamiento de enteros. • http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html http://rhn.redhat.com/errata/RHSA-2012-1043.html http://secunia.com/advisories/46992 http://secunia.com/advisories/60799 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.openoffice.org/security/cves/CVE-2012-2149.html http://www.securityfocus.com/bid/53570 http://www.securitytracker.com/id?1027069 • CWE-189: Numeric Errors •
CVE-2009-0201 – OpenOffice.org Word document buffer overflow
https://notcve.org/view.php?id=CVE-2009-0201
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." Desbordamiento de búfer basado en memoria dinámica en OpenOffice.org (OOo) en versiones anteriores a la 3.1.1 puede permitir atacantes remotos ejecutar código de su elección mediante registros no especificados en un documento de Word manipulado, en relación con "table parsing." • http://development.openoffice.org/releases/3.1.1.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36750 http://secunia.com/advisories/60799 http://secunia.com/secunia_research/2009-27 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1 http://www.debian.org/security/2009/dsa-1880 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2009-0200 – OpenOffice.org Word document Integer Underflow
https://notcve.org/view.php?id=CVE-2009-0200
Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow. Desbordamiento de entero en en OpenOffice.org (OOo)anteriores v3.1.1 permite a atacantes remotos ejecutar código de su elección a través de registros manipulados en la tabla de documentos de un documento Word, desencadenando un desbordamiento basado en pila. • http://development.openoffice.org/releases/3.1.1.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36750 http://secunia.com/advisories/60799 http://secunia.com/secunia_research/2009-26 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1 http://www.debian.org/security/2009/dsa-1880 http://www. • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2009-0259 – Microsoft Windows Wordpad - '.doc' File Local Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2009-0259
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841. El procesador de textos en OpenOffice.org v1.1.2 a v1.1.5 permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero (1).doc, (2).wri, o (3) .rtf de Word 97 manipulado que provoca una corrupción de memoria, como se ha explotado libremente en diciembre de 2008 y como ha sido demostrado por 2008-crash.doc.rar y una cuestión similar a CVE-2008-4841. • https://www.exploit-db.com/exploits/6560 http://milw0rm.com/sploits/2008-crash.doc.rar http://www.openwall.com/lists/oss-security/2009/01/21/9 http://www.securityfocus.com/bid/33383 https://exchange.xforce.ibmcloud.com/vulnerabilities/48213 • CWE-399: Resource Management Errors •
CVE-2008-2238 – OpenOffice.org multiple EMF buffer overflows
https://notcve.org/view.php?id=CVE-2008-2238
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow. Desbordamiento de búfer basado en montículo en OpenOffice.org (OOo) v2.x anterior a v2.4.2 permite a atacantes remotos ejecutar código de su elección mediante un archivo EMF manipulado con un documento StarOffice/StarSuite. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://neowiki.neooffice.org/index.php/NeoOffice_2.2.5_Patch_3_New_Features#Security_fixes http://secunia.com/advisories/32419 http://secunia.com/advisories/32461 http://secunia.com/advisories/32463 http://secunia.com/advisories/32489 http://secunia.com/advisories/32676 http://secunia.com/advisories/32856 http://secunia.com/advisories/32872 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •