CVE-2007-2834 – openoffice.org TIFF parsing heap overflow
https://notcve.org/view.php?id=CVE-2007-2834
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. Desbordamiento de enteros en el analizador TIFF en OpenOffice.org (OOo) anterior a la versión 2.3; y Office Suit (StarSuite) de Sun StarOffice versiones 6, 7 y 8 ; permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo TIFF con valores creados de campos de longitud no especificada, lo que desencadena la asignación de una cantidad inapropiada de memoria, resultando en un desbordamiento de búfer en la región heap de la memoria. • http://bugs.gentoo.org/show_bug.cgi?id=192818 http://fedoranews.org/updates/FEDORA-2007-237.shtml http://fedoranews.org/updates/FEDORA-2007-700.shtml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593 http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html http://secunia.com/advisories/26816 http://secunia.com/advisories/26817 http://secunia.com/advisories/26839 http://secunia.com/advisories/26844 http://secunia.com/advisories/26855 http:/ • CWE-190: Integer Overflow or Wraparound •
CVE-2006-5870
https://notcve.org/view.php?id=CVE-2006-5870
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. Múltiples desbordamientos de enteros en OpenOffice.org (OOo) 2.0.4 y anteriores, y posiblemente otras versiones anteriores a 2.1.0;y StarOffice 6 hasta 8; permiten a un atacante remoto con la intervención del usuario ejecutar código de su elección mediante (1) ficheros WMF o (b) EMF manipulados que disparan un desbordamiento de búfer basado en montículo en (1) wmf/winwmf.cxx, durante el procesamiento de registros META_ESCAPE; y wmf/enhwmf.cxx durante el procesamiento de (2) registros EMR_POLYPOLYGON y (3) EMR_POLYPOLYGON16. • ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly http://fedoranews.org/cms/node/2344 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html http://osvdb.org/32610 http://osvdb.org/32611 http://secunia.com/advisories/23549 http://secunia.com/advisories/23600 http://secunia.com/advisories/23612 http://secunia.com/advisories/23616 http://secunia.com/advisories/23620 • CWE-189: Numeric Errors •
CVE-2006-3117
https://notcve.org/view.php?id=CVE-2006-3117
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." • http://fedoranews.org/cms/node/2343 http://secunia.com/advisories/20867 http://secunia.com/advisories/20893 http://secunia.com/advisories/20910 http://secunia.com/advisories/20911 http://secunia.com/advisories/20913 http://secunia.com/advisories/20975 http://secunia.com/advisories/20995 http://secunia.com/advisories/21278 http://secunia.com/advisories/22129 http://secunia.com/advisories/23620 http://security.gentoo.org/glsa/glsa-200607-12.xml http://securitytracker.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-2198
https://notcve.org/view.php?id=CVE-2006-2198
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. OpenOffice.org (también conocido como StarOffice) v1.1.x a v1.1.5 y v2.0.x anteriores a v2.0.3 permite a los atacantes de usuarios asistidos conducir actividades no autorizadas a través de un documento OpenOffice con una macro BASIC maliciosa, lo que es ejecutad sin confirmación al usuario. • http://fedoranews.org/cms/node/2343 http://secunia.com/advisories/20867 http://secunia.com/advisories/20893 http://secunia.com/advisories/20910 http://secunia.com/advisories/20911 http://secunia.com/advisories/20913 http://secunia.com/advisories/20975 http://secunia.com/advisories/20995 http://secunia.com/advisories/21278 http://secunia.com/advisories/22129 http://secunia.com/advisories/23620 http://security.gentoo.org/glsa/glsa-200607-12.xml http://securitytracker.com • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-2199
https://notcve.org/view.php?id=CVE-2006-2199
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. Vulnerabilidad sin especificar en Java Applets en OpenOffice.org v1.1.x (tambien conocido como StarOffice) hasta la v1.1.5 y v2.0.x anteriores a v2.0.3 permite a atacantes asistidos por el usuario escapar el Java sandbox y realizar actividades no autorizadas a través de ciertos applets en documentos OpenOffice. • http://fedoranews.org/cms/node/2343 http://secunia.com/advisories/20867 http://secunia.com/advisories/20893 http://secunia.com/advisories/20910 http://secunia.com/advisories/20911 http://secunia.com/advisories/20913 http://secunia.com/advisories/20975 http://secunia.com/advisories/20995 http://secunia.com/advisories/21278 http://secunia.com/advisories/23620 http://security.gentoo.org/glsa/glsa-200607-12.xml http://securitytracker.com/id?1016414 http://sunsolve.sun.com •