CVE-2007-5745 – openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
https://notcve.org/view.php?id=CVE-2007-5745
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records. Múltiples desbordamientos de búfer en la región heap de la memoria en OpenOffice.org versiones anteriores a 2.4, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un archivo Quattro Pro (QPRO) con (1) Atributo y (2) registros de Descripción de Fuente diseñados. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691 http://secunia.com/advisories/29852 http://secunia.com/advisories/29864 http://secunia.com/advisories/29871 http://secunia.com/advisories/29910 http://secunia.com/advisories/29913 http://secunia.com/advisories/29987 http://secunia.com/advisories/30100 http://secunia.com/advisories/30179 http://security.gentoo.org/glsa/glsa-200805-16.xml http://sunsolve.sun.com/search/document.do?assetkey=1-26-231601-1 http& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4575 – OpenOffice.org-base allows Denial-of-Service and command injection
https://notcve.org/view.php?id=CVE-2007-4575
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods." HSQLDB versiones anteriores a 1.8.0.9, como es usado en OpenOffice.org (OOo) versiones 2 anteriores a 2.3.1, permite a los atacantes remotos asistidos por el usuario ejecutar código Java arbitrario por medio de documentos de base de datos diseñados relacionados con "exposing static java methods". • http://bugs.gentoo.org/show_bug.cgi?id=200771 http://bugs.gentoo.org/show_bug.cgi?id=201799 http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html http://secunia.com/advisories/27914 http://secunia.com/advisories/27916 http://secunia.com/advisories/27928 http://secunia.com/advisories/27931 http://secunia.com/advisories/27972 http://secunia.com/advisories/28018 http://secunia.com/advisories/28039 http://secunia.com/advisories/28286 http://secunia.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-2834 – openoffice.org TIFF parsing heap overflow
https://notcve.org/view.php?id=CVE-2007-2834
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow. Desbordamiento de enteros en el analizador TIFF en OpenOffice.org (OOo) anterior a la versión 2.3; y Office Suit (StarSuite) de Sun StarOffice versiones 6, 7 y 8 ; permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo TIFF con valores creados de campos de longitud no especificada, lo que desencadena la asignación de una cantidad inapropiada de memoria, resultando en un desbordamiento de búfer en la región heap de la memoria. • http://bugs.gentoo.org/show_bug.cgi?id=192818 http://fedoranews.org/updates/FEDORA-2007-237.shtml http://fedoranews.org/updates/FEDORA-2007-700.shtml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593 http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html http://secunia.com/advisories/26816 http://secunia.com/advisories/26817 http://secunia.com/advisories/26839 http://secunia.com/advisories/26844 http://secunia.com/advisories/26855 http:/ • CWE-190: Integer Overflow or Wraparound •
CVE-2007-0245 – openoffice.org rtf filter buffer overflow
https://notcve.org/view.php?id=CVE-2007-0245
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten. Un desbordamiento de búfer en la región heap de la memoria en OpenOffice.org (OOo) versión 2.2.1 y anteriores permite a los atacantes remotos ejecutar código arbitrario por medio de un archivo RTF con una etiqueta prtdata creada con una incoherencia de parámetro length, lo que causa que las entradas de vtable se sobrescriban. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://osvdb.org/35378 http://secunia.com/advisories/25648 http://secunia.com/advisories/25650 http://secunia.com/advisories/25673 http://secunia.com/advisories/25705 http://secunia.com/advisories/25862 http://secunia.com/advisories/25894 http://secunia.com/advisories/25905 http://secunia.com/advisories/26010 http://secunia.com/advisories/26022 http://secunia.com/advisories/26476 http://sunsolve. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-5870
https://notcve.org/view.php?id=CVE-2006-5870
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. Múltiples desbordamientos de enteros en OpenOffice.org (OOo) 2.0.4 y anteriores, y posiblemente otras versiones anteriores a 2.1.0;y StarOffice 6 hasta 8; permiten a un atacante remoto con la intervención del usuario ejecutar código de su elección mediante (1) ficheros WMF o (b) EMF manipulados que disparan un desbordamiento de búfer basado en montículo en (1) wmf/winwmf.cxx, durante el procesamiento de registros META_ESCAPE; y wmf/enhwmf.cxx durante el procesamiento de (2) registros EMR_POLYPOLYGON y (3) EMR_POLYPOLYGON16. • ftp://patches.sgi.com/support/free/security/advisories/20070101-01-P.asc http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.htmly http://fedoranews.org/cms/node/2344 http://lists.suse.com/archive/suse-security-announce/2007-Jan/0001.html http://osvdb.org/32610 http://osvdb.org/32611 http://secunia.com/advisories/23549 http://secunia.com/advisories/23600 http://secunia.com/advisories/23612 http://secunia.com/advisories/23616 http://secunia.com/advisories/23620 • CWE-189: Numeric Errors •