CVSS: 9.3EPSS: 0%CPEs: 9EXPL: 0CVE-2010-0136
https://notcve.org/view.php?id=CVE-2010-0136
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. OpenOffice.org (OOo) V2.0.4, V2.4.1, y v3.1.1 no refuerza adecuadamente la configuración de la macro de seguridad de Visual Basic para Aplicaciones (VBA), lo que permite a atacantes remotos correr macros de su elección a través de un documento manipulado. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://securitytracker.com/id?1023588 http://www.debian.org/security/2010/dsa-1995 http://www.mail-archive.com/debian-openoffice%40lists.debian.org/msg23178.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:221 http://www.securityfocus.com/bid/38245 http://www.ubuntu.com/usn/USN-903-1 http://www.vupen.com/english/ad • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.3EPSS: 56%CPEs: 7EXPL: 0CVE-2009-3301 – OpenOffice.org Word sprmTDefTable Memory Corruption
https://notcve.org/view.php?id=CVE-2009-3301
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Desbordamiento de enteros en filter/ww8/ww8par2.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través de una tabla modificadora de propiedades sprmTDefTable manipulada en un documento Word. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://securitytracker.com/id?1023591 http://www.debian.org/security/2010/dsa-1995 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name& • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.3EPSS: 39%CPEs: 7EXPL: 0CVE-2009-3302 – OpenOffice.org Word sprmTSetBrc Memory Corruption
https://notcve.org/view.php?id=CVE-2009-3302
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." filter/ww8/ww8par2.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicacion) o probablemente ejecutar código de su elección a través de una tabla modificadora de propiedades sprmTDefTable manipulada en un documento Word, relacionado con "defecto de error de limite" (boundary error flaw). • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://securitytracker.com/id?1023591 http://www.debian.org/security/2010/dsa-1995 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 16%CPEs: 7EXPL: 0CVE-2009-2949 – openoffice.org: integer overflow in XPM processing
https://notcve.org/view.php?id=CVE-2009-2949
Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow. Desbordamiento de enteros en la función XPMReader::ReadXPM en filter.vcl/ixpm/svt_xpmread.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos ejecutar código de su elección a través de un fichero XPM manipulado que provoca un desbordamiento de buffer basado en pila. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://securitytracker.com/id?1023591 http://www.debian.org/security/2010/dsa-1995 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name& • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 8%CPEs: 7EXPL: 0CVE-2009-2950 – openoffice.org: GIF file parsing heap overflow
https://notcve.org/view.php?id=CVE-2009-2950
Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression. Desbordamiento de búfer basado en pila en la función GIFLZWDecompressor::GIFLZWDecompressor en filter.vcl/lgif/decode.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicación) o probablemente ejecutar código de su elección a través de un fichero GIF manipulado, relacionado con la d escompresión LZW. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html http://secunia.com/advisories/38567 http://secunia.com/advisories/38568 http://secunia.com/advisories/38695 http://secunia.com/advisories/38921 http://secunia.com/advisories/41818 http://secunia.com/advisories/60799 http://securitytracker.com/id?1023591 http://www.debian.org/security/2010/dsa-1995 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml http://www.mandriva.com/security/advisories?name& • CWE-787: Out-of-bounds Write •