CVE-2007-5745
openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
Múltiples desbordamientos de búfer en la región heap de la memoria en OpenOffice.org versiones anteriores a 2.4, permiten a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario por medio de un archivo Quattro Pro (QPRO) con (1) Atributo y (2) registros de Descripción de Fuente diseñados.
Remote exploitation of multiple buffer overflow vulnerabilities in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged in user. The first vulnerability occurs when parsing "Attribute" records from the file. Due to a lack of bounds checking during a loop that reads these records, an attacker can trigger a heap overflow by inserting more than 256 records. The second vulnerability is nearly identical to the first one, but involves the "Font Description" record instead of the "Attribute" record.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-10-31 CVE Reserved
- 2008-04-17 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (28)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691 | Third Party Advisory | |
| http://www.openoffice.org/security/cves/CVE-2007-4770.html | X_refsource_confirm | |
| http://www.securityfocus.com/bid/28819 | Vdb Entry | |
| http://www.securitytracker.com/id?1019891 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41863 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11006 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29864 | 2017-09-29 | |
| http://www.debian.org/security/2008/dsa-1547 | 2017-09-29 | |
| http://www.openoffice.org/security/bulletin.html | 2017-09-29 | |
| http://www.openoffice.org/security/cves/CVE-2007-5745.html | 2017-09-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openoffice Search vendor "Openoffice" | Openoffice Search vendor "Openoffice" for product "Openoffice" | <= 2.3.1 Search vendor "Openoffice" for product "Openoffice" and version " <= 2.3.1" | - |
Affected
| ||||||