CVE-2007-5745 – openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
https://notcve.org/view.php?id=CVE-2007-5745
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. Múltiples desbordamientos de búfer en la región heap de la memoria en OpenOffice.org versiones anteriores a 2.4, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un archivo Quattro Pro (QPRO) con (1) Atributo y (2) registros de Descripción de Fuente diseñados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691 http://secunia.com/advisories/29852 http://secunia.com/advisories/29864 http://secunia.com/advisories/29871 http://secunia.com/advisories/29910 http://secunia.com/advisories/29913 http://secunia.com/advisories/29987 http://secunia.com/advisories/30100 http://secunia.com/advisories/30179 http://security.gentoo.org/glsa/glsa-200805-16.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-231601-1 http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4575 – OpenOffice.org-base allows Denial-of-Service and command injection
https://notcve.org/view.php?id=CVE-2007-4575
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." HSQLDB versiones anteriores a 1.8.0.9, como es usado en OpenOffice.org (OOo) versiones 2 anteriores a 2.3.1, permite a los atacantes remotos asistidos por el usuario ejecutar código Java arbitrario por medio de documentos de base de datos diseñados relacionados con "exposing static java methods". • http://bugs.gentoo.org/show_bug.cgi?id=200771 http://bugs.gentoo.org/show_bug.cgi?id=201799 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html http://secunia.com/advisories/27914 http://secunia.com/advisories/27916 http://secunia.com/advisories/27928 http://secunia.com/advisories/27931 http://secunia.com/advisories/27972 http://secunia.com/advisories/28018 http://secunia.com/advisories/28039 http://secunia.com/advisories/28286 http://secunia.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-4251
https://notcve.org/view.php?id=CVE-2007-4251
OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. OpenOffice.org (OOo) 2.2 no maneja adecuadamente ficheros con múltiples extensiones, lo cual permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio. • http://osvdb.org/46766 http://securityreason.com/securityalert/3004 http://www.securityfocus.com/archive/1/475534/100/0/threaded http://www.securitytracker.com/id?1018544 https://exchange.xforce.ibmcloud.com/vulnerabilities/35806 •
CVE-2007-0245 – openoffice.org rtf filter buffer overflow
https://notcve.org/view.php?id=CVE-2007-0245
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. Un desbordamiento de búfer en la región heap de la memoria en OpenOffice.org (OOo) versión 2.2.1 y anteriores permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo RTF con una etiqueta prtdata creada con una incoherencia de parámetro length, lo que causa que las entradas de vtable se sobrescriban. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://osvdb.org/35378 http://secunia.com/advisories/25648 http://secunia.com/advisories/25650 http://secunia.com/advisories/25673 http://secunia.com/advisories/25705 http://secunia.com/advisories/25862 http://secunia.com/advisories/25894 http://secunia.com/advisories/25905 http://secunia.com/advisories/26010 http://secunia.com/advisories/26022 http://secunia.com/advisories/26476 http://sunsolve. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-0238
https://notcve.org/view.php?id=CVE-2007-0238
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note. Un desbordamiento de búfer en la región stack de la memoria en el archivo filter\starcalc\scflt.cxx en el analizador StarCalc en OpenOffice.org (OOo) Office Suite anterior a versión 2.2 y versión 1.x anterior a 1.1.5 parche, permite a los atacantes remotos asistidos por el usuario ejecutar código arbitrario por medio de un documento con una Nota larga. • http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html http://secunia.com/advisories/24465 http://secunia.com/advisories/24550 http://secunia.com/advisories/24588 http://secunia.com/advisories/24613 http://secunia.com/advisories/24646 http://secunia.com/advisories/24647 http://secunia.com/advisories/24676 http://secunia.com/advisories/24810 http://secunia.com/advisories/24906 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102794-1 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •