CVSS: 9.3EPSS: 42%CPEs: 7EXPL: 0CVE-2009-3301 – OpenOffice.org Word sprmTDefTable Memory Corruption
https://notcve.org/view.php?id=CVE-2009-3301
16 Feb 2010 — Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document. Desbordamiento de enteros en filter/ww8/ww8par2.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída aplicación) o probablemente ejecutar código de su elección a través de una tabla modificadora ... • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.3EPSS: 42%CPEs: 7EXPL: 0CVE-2009-3302 – OpenOffice.org Word sprmTSetBrc Memory Corruption
https://notcve.org/view.php?id=CVE-2009-3302
16 Feb 2010 — filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw." filter/ww8/ww8par2.cxx en OpenOffice.org (OOo) anterior v3.2 permite a atacantes remotos causar una denegación de servicio (caída de aplicacion) o probablemente ejecutar código de su elección a través de una tabla modificadora de propiedade... • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 6%CPEs: 9EXPL: 0CVE-2010-0136
https://notcve.org/view.php?id=CVE-2010-0136
16 Feb 2010 — OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document. OpenOffice.org (OOo) V2.0.4, V2.4.1, y v3.1.1 no refuerza adecuadamente la configuración de la macro de seguridad de Visual Basic para Aplicaciones (VBA), lo que permite a atacantes remotos correr macros de su elección a través de un documento manipulado. • http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00005.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 8%CPEs: 1EXPL: 0CVE-2007-5745 – openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
https://notcve.org/view.php?id=CVE-2007-5745
17 Apr 2008 — Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. Múltiples desbordamientos de búfer en la región heap de la memoria en OpenOffice.org versiones anteriores a 2.4, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un archivo Qua... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 5%CPEs: 10EXPL: 0CVE-2007-4575 – OpenOffice.org-base allows Denial-of-Service and command injection
https://notcve.org/view.php?id=CVE-2007-4575
06 Dec 2007 — HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." HSQLDB versiones anteriores a 1.8.0.9, como es usado en OpenOffice.org (OOo) versiones 2 anteriores a 2.3.1, permite a los atacantes remotos asistidos por el usuario ejecutar código Java arbitrario por medio de documentos de base de datos diseñados relacionados con "exposing static java methods". • http://bugs.gentoo.org/show_bug.cgi?id=200771 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 10%CPEs: 10EXPL: 0CVE-2007-2834 – openoffice.org TIFF parsing heap overflow
https://notcve.org/view.php?id=CVE-2007-2834
18 Sep 2007 — Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. Desbordamiento de enteros en el analizador TIFF en OpenOffice.org (OOo) anterior a la versión 2.3; y Office Suit (StarSuite) de Sun StarOffice versiones 6, 7 y 8 ; ... • http://bugs.gentoo.org/show_bug.cgi?id=192818 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2007-0245 – openoffice.org rtf filter buffer overflow
https://notcve.org/view.php?id=CVE-2007-0245
12 Jun 2007 — Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. Un desbordamiento de búfer en la región heap de la memoria en OpenOffice.org (OOo) versión 2.2.1 y anteriores permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo RTF con una etiqueta prtdata creada con una incoherencia de parámetro le... • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 21%CPEs: 4EXPL: 0CVE-2006-5870
https://notcve.org/view.php?id=CVE-2006-5870
31 Dec 2006 — Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. Múltiples desbordamientos de enteros en OpenOffice.org (OOo) 2.0.4 y... • ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc • CWE-189: Numeric Errors •