CVE-2012-3455
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
Desbordamiento de búfer de memoria dinámica en la función de lectura en filters/words/msword-odf/wv2/src/styles.cpp en el filtro Microsoft import filter in KOffice 2.3.3 y anteriores que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y posiblemente la ejecución de código arbitrario a través de un estilo ODF manipulado en un documento ODF. NOTA:esta es la misma vulnerabilidad que CVE-2012-3456, pero fue dividida por el CNA debido a que Calligra y KOffice comparten parte del mismo código.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-06-14 CVE Reserved
- 2012-08-09 CVE Published
- 2024-08-06 CVE Updated
- 2024-09-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (12)
| URL | Tag | Source |
|---|---|---|
| http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf | X_refsource_misc | |
| http://www.kde.org/info/security/advisory-20120810-1.txt | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2012/08/04/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/08/04/5 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/08/06/1 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/08/06/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2012/08/10/1 | Mailing List |
|
| http://www.securityfocus.com/bid/54816 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/77483 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2012-08/msg00040.html | 2023-11-07 | |
| http://secunia.com/advisories/50199 | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-1526-1 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | <= 2.3.3 Search vendor "Kde" for product "Koffice" and version " <= 2.3.3" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.2 Search vendor "Kde" for product "Koffice" and version "1.2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.2.1 Search vendor "Kde" for product "Koffice" and version "1.2.1" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3 Search vendor "Kde" for product "Koffice" and version "1.3" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3 Search vendor "Kde" for product "Koffice" and version "1.3" | beta1 |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3 Search vendor "Kde" for product "Koffice" and version "1.3" | beta2 |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3 Search vendor "Kde" for product "Koffice" and version "1.3" | beta3 |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3.1 Search vendor "Kde" for product "Koffice" and version "1.3.1" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3.2 Search vendor "Kde" for product "Koffice" and version "1.3.2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3.3 Search vendor "Kde" for product "Koffice" and version "1.3.3" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3.4 Search vendor "Kde" for product "Koffice" and version "1.3.4" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.3.5 Search vendor "Kde" for product "Koffice" and version "1.3.5" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.4 Search vendor "Kde" for product "Koffice" and version "1.4" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.4.1 Search vendor "Kde" for product "Koffice" and version "1.4.1" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.4.2 Search vendor "Kde" for product "Koffice" and version "1.4.2" | - |
Affected
| ||||||
| Kde Search vendor "Kde" | Koffice Search vendor "Kde" for product "Koffice" | 1.6.1 Search vendor "Kde" for product "Koffice" and version "1.6.1" | - |
Affected
| ||||||