CVSS: 9.3EPSS: 15%CPEs: 10EXPL: 0CVE-2007-4575 – OpenOffice.org-base allows Denial-of-Service and command injection
https://notcve.org/view.php?id=CVE-2007-4575
06 Dec 2007 — HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." HSQLDB versiones anteriores a 1.8.0.9, como es usado en OpenOffice.org (OOo) versiones 2 anteriores a 2.3.1, permite a los atacantes remotos asistidos por el usuario ejecutar código Java arbitrario por medio de documentos de base de datos diseñados relacionados con "exposing static java methods". • http://bugs.gentoo.org/show_bug.cgi?id=200771 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 92%CPEs: 10EXPL: 0CVE-2007-2834 – openoffice.org TIFF parsing heap overflow
https://notcve.org/view.php?id=CVE-2007-2834
18 Sep 2007 — Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. Desbordamiento de enteros en el analizador TIFF en OpenOffice.org (OOo) anterior a la versión 2.3; y Office Suit (StarSuite) de Sun StarOffice versiones 6, 7 y 8 ; ... • http://bugs.gentoo.org/show_bug.cgi?id=192818 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4251
https://notcve.org/view.php?id=CVE-2007-4251
08 Aug 2007 — OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service. OpenOffice.org (OOo) 2.2 no maneja adecuadamente ficheros con múltiples extensiones, lo cual permite a atacantes remotos con la complicidad del usuario provocar una denegación de servicio. • http://osvdb.org/46766 •
CVSS: 9.8EPSS: 37%CPEs: 1EXPL: 0CVE-2007-0245 – openoffice.org rtf filter buffer overflow
https://notcve.org/view.php?id=CVE-2007-0245
12 Jun 2007 — Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. Un desbordamiento de búfer en la región heap de la memoria en OpenOffice.org (OOo) versión 2.2.1 y anteriores permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo RTF con una etiqueta prtdata creada con una incoherencia de parámetro le... • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 70%CPEs: 4EXPL: 0CVE-2006-5870
https://notcve.org/view.php?id=CVE-2006-5870
31 Dec 2006 — Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. Múltiples desbordamientos de enteros en OpenOffice.org (OOo) 2.0.4 y... • ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc • CWE-189: Numeric Errors •
CVSS: 5.5EPSS: 13%CPEs: 1EXPL: 3CVE-2006-6628 – Microsoft Word Document - Malformed Pointer (PoC)
https://notcve.org/view.php?id=CVE-2006-6628
18 Dec 2006 — Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase. Desbordamiento de enteros en el penOffice.org (OOo) 2.1 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caída de la aplicación) mediante un fichero DOC manipulado, como lo demostrado con el fichero 12122006-... • https://www.exploit-db.com/exploits/2922 •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2006-2199
https://notcve.org/view.php?id=CVE-2006-2199
30 Jun 2006 — Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. Vulnerabilidad sin especificar en Java Applets en OpenOffice.org v1.1.x (tambien conocido como StarOffice) hasta la v1.1.5 y v2.0.x anteriores a v2.0.3 permite a atacantes asistidos por el usuario escapar el Java sandbox y realizar actividades no autoriza... • http://fedoranews.org/cms/node/2343 •
CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 0CVE-2006-3117
https://notcve.org/view.php?id=CVE-2006-3117
30 Jun 2006 — Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." • http://fedoranews.org/cms/node/2343 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 3%CPEs: 24EXPL: 0CVE-2006-2198
https://notcve.org/view.php?id=CVE-2006-2198
30 Jun 2006 — OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. OpenOffice.org (también conocido como StarOffice) v1.1.x a v1.1.5 y v2.0.x anteriores a v2.0.3 permite a los atacantes de usuarios asistidos conducir actividades no autorizadas a través de un documento OpenOffice con una macro BASIC maliciosa, lo que es ejecutad sin con... • http://fedoranews.org/cms/node/2343 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2005-4636
https://notcve.org/view.php?id=CVE-2005-4636
31 Dec 2005 — OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. • http://qa.openoffice.org/issues/show_bug.cgi?id=53491 •