Page 6 of 30 results (0.006 seconds)

CVSS: 7.6EPSS: 1%CPEs: 24EXPL: 0

OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. OpenOffice.org (también conocido como StarOffice) v1.1.x a v1.1.5 y v2.0.x anteriores a v2.0.3 permite a los atacantes de usuarios asistidos conducir actividades no autorizadas a través de un documento OpenOffice con una macro BASIC maliciosa, lo que es ejecutad sin confirmación al usuario. • http://fedoranews.org/cms/node/2343 http://secunia.com/advisories/20867 http://secunia.com/advisories/20893 http://secunia.com/advisories/20910 http://secunia.com/advisories/20911 http://secunia.com/advisories/20913 http://secunia.com/advisories/20975 http://secunia.com/advisories/20995 http://secunia.com/advisories/21278 http://secunia.com/advisories/22129 http://secunia.com/advisories/23620 http://security.gentoo.org/glsa/glsa-200607-12.xml http://securitytracker.com • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. • http://qa.openoffice.org/issues/show_bug.cgi?id=53491 http://securitytracker.com/id?1015419 http://www.mandriva.com/security/advisories?name=MDKSA-2006:033 •

CVSS: 5.1EPSS: 3%CPEs: 7EXPL: 0

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. • http://secunia.com/advisories/17027 http://www.gentoo.org/security/en/glsa/glsa-200504-13.xml http://www.novell.com/linux/security/advisories/2005_21_sr.html http://www.openoffice.org/issues/show_bug.cgi?id=46388 http://www.redhat.com/support/errata/RHSA-2005-375.html http://www.securityfocus.com/archive/1/395516 http://www.securityfocus.com/bid/13092 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9106 https://access.redhat.com/secur •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. OpenOffice (OOo) 1.12 crea nombres de directorios predecibles con permisos inseguros durante el inicio, lo que puede permitir a usuarios locales leer o listar ficheros de otros usuarios. • http://marc.info/?l=bugtraq&m=109483308421566&w=2 http://secunia.com/advisories/12302 http://secunia.com/advisories/12546 http://secunia.com/advisories/12668 http://secunia.com/advisories/12914 http://secunia.com/advisories/12932 http://securitytracker.com/id?1011205 http://www.openoffice.org/issues/show_bug.cgi?id=33357 http://www.osvdb.org/9804 http://www.redhat.com/support/errata/RHSA-2004-446.html http://www.securityfocus.com/bid/11151 https://exchange.xforce& •

CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 1

The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file. • http://archives.neohapsis.com/archives/bugtraq/2002-10/0161.html http://www.iss.net/security_center/static/10346.php http://www.securityfocus.com/bid/5950 •