CVE-2007-5746 – openoffice.org: EMF files parsing EMR_BITBLT record heap overflows
https://notcve.org/view.php?id=CVE-2007-5746
Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.
References:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692
http://secunia.com/advisories/29844
http://secunia.com/advisories/29852
http://secunia.com/advisories/29864
http://secunia.com/advisories/29871
http://secunia.com/advisories/29910
http://secunia.com/advisories/29913
http://secunia.com/advisories/29987
http://secunia.com/advisories/30100
http://secunia.com/advisories/30179
http://security.gentoo.org/glsa/glsa-200805-16.xml
http://sunsolve.sun.com/search/
CWE-189: Numeric Errors
CVE-2007-4575 – OpenOffice.org-base allows Denial-of-Service and command injection
https://notcve.org/view.php?id=CVE-2007-4575
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
References:
http://bugs.gentoo.org/show_bug.cgi?id=200771
http://bugs.gentoo.org/show_bug.cgi?id=201799
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html
http://secunia.com/advisories/27914
http://secunia.com/advisories/27916
http://secunia.com/advisories/27928
http://secunia.com/advisories/27931
http://secunia.com/advisories/27972
http://secunia.com/advisories/28018
http://secunia.com/advisories/28039
http://secunia.com/advisories/28286
http://secunia.com
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-4251
https://notcve.org/view.php?id=CVE-2007-4251
OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.
References:
http://osvdb.org/46766
http://securityreason.com/securityalert/3004
http://www.securityfocus.com/archive/1/475534/100/0/threaded
http://www.securitytracker.com/id?1018544
https://exchange.xforce.ibmcloud.com/vulnerabilities/35806
CVE-2007-0245 – openoffice.org rtf filter buffer overflow
https://notcve.org/view.php?id=CVE-2007-0245
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via an RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
References:
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://osvdb.org/35378
http://secunia.com/advisories/25648
http://secunia.com/advisories/25650
http://secunia.com/advisories/25673
http://secunia.com/advisories/25705
http://secunia.com/advisories/25862
http://secunia.com/advisories/25894
http://secunia.com/advisories/25905
http://secunia.com/advisories/26010
http://secunia.com/advisories/26022
http://secunia.com/advisories/26476
http://sunsolve.
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-0239
https://notcve.org/view.php?id=CVE-2007-0239
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
References:
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
http://secunia.com/advisories/24465
http://secunia.com/advisories/24550
http://secunia.com/advisories/24588
http://secunia.com/advisories/24613
http://secunia.com/advisories/24646
http://secunia.com/advisories/24647
http://secunia.com/advisories/24676
http://secunia.com/advisories/24810
http://secunia.com/advisories/24906
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1
http://www.