CVSS: 9.3EPSS: 14%CPEs: 2EXPL: 0CVE-2010-2936 – OpenOffice.org: Heap-based buffer overflow by parsing specially-crafted Microsoft PowerPoint document
https://notcve.org/view.php?id=CVE-2010-2936
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow. Desbordamiento de entero en simpress.bin en el módulo Impress en OpenOffice.org (OOo) v3.2.1 sobre Windows, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente, la ejecución de código de su elección a través de polígonos modificados en un documento PowerPoint que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://secunia.com/advisories/40775 http://secunia.com/advisories/41052 http://secunia.com/advisories/41235 http://secunia.com/advisories/42927 http://secunia.com/advisories/43105 http://secunia.com/advisories/60799 http://securityevaluators.com/files/papers/CrashAnalysis.pdf http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/secu • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 12%CPEs: 2EXPL: 0CVE-2010-2935 – OpenOffice.Org: Integer truncation error by parsing specially-crafted Microsoft PowerPoint document
https://notcve.org/view.php?id=CVE-2010-2935
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error." simpress.bin en el módulo Impress en OpenOffice.org (OOo) v3.2.1 sobre Windows, no maneja adecuadamente los valores enteros asociados a las propiedades de los elementos del diccionario, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código de su elección a través de polígonos modificados en un documento PowerPoint que provoca un desbordamiento de búfer basado en memoria dinámica (heap). • http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://secunia.com/advisories/40775 http://secunia.com/advisories/41052 http://secunia.com/advisories/41235 http://secunia.com/advisories/42927 http://secunia.com/advisories/43105 http://secunia.com/advisories/60799 http://securityevaluators.com/files/papers/CrashAnalysis.pdf http://ubuntu.com/usn/usn-1056-1 http://www.debian.org/secu • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3570
https://notcve.org/view.php?id=CVE-2009-3570
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en OpenOffice.org (OOo) tiene impacto y vectores de ataque remotos no especificados, según lo demostrado por cierto módulo en VulnDisco Pack Professional 8.9. NOTA: a partir de 20091005 , esta divulgación no tiene información práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/35036 http://www.securityfocus.com/bid/36285 http://www.securitytracker.com/id?1022828 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3571
https://notcve.org/view.php?id=CVE-2009-3571
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Vulnerabilidad no especificada en OpenOffice.org (OOo) tiene un impacto desconocido y vector de ataque del lado del cliente, según lo demostrado por cierto módulo en VulnDisco Pack Professional 8.8, también conocido como "Client-side exploit." NOTA: a partir de 20091005, esta divulgación no tiene información práctica. • http://intevydis.com/vd-list.shtml http://secunia.com/advisories/35036 http://www.securityfocus.com/bid/36285 http://www.securitytracker.com/id?1022832 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 33%CPEs: 17EXPL: 0CVE-2009-0201 – OpenOffice.org Word document buffer overflow
https://notcve.org/view.php?id=CVE-2009-0201
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing." Desbordamiento de búfer basado en memoria dinámica en OpenOffice.org (OOo) en versiones anteriores a la 3.1.1 puede permitir atacantes remotos ejecutar código de su elección mediante registros no especificados en un documento de Word manipulado, en relación con "table parsing." • http://development.openoffice.org/releases/3.1.1.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36750 http://secunia.com/advisories/60799 http://secunia.com/secunia_research/2009-27 http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1 http://www.debian.org/security/2009/dsa-1880 http://www. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •