Summary
The host has OpenOffice installed and is prone to buffer overflow and directory traversal vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will crash the application.
Impact Level: System/Application
Solution
Upgrade to OpenOffice Version 3.3.0 or later
For updates refer to http://www.openoffice.org/
Insight
Multiple flaws are due to:
- A buffer overflow error when processing malformed TGA files and PNG files - A memory corruption error within the 'WW8ListManager::WW8ListManager()' and 'WW8DopTypography::ReadFromMem()' function when processing malformed data
- A memory corruption error when processing malformed RTF data - A directory traversal error related to 'zip/jar' package extraction - A buffer overflow error when processing malformed PPT files
Affected
OpenOffice Version 2.x and 3.x to 3.2.0 on windows.
References
Severity
Classification
-
CVE CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-4253, CVE-2010-4643 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Code Execution and DoS Vulnerabilities (Linux)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Mac OS X)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)