Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0645

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0645
Last Modified 10 Sep 2008 03:27:08
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0645

Summary

Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.

Vulnerable Systems

Application

  • Abisource Community Abiword 2.0.3

  • Abisource Community Abiword 2.0.4

  • Abisource Community Abiword 2.0.5

  • Abisource Community Abiword 2.0.6

  • Abisource Community Abiword 2.0.7

  • Wvware 0.7.4

  • Wvware 0.7.5

  • Wvware 0.7.6

  • Wvware 1.0


References

IDEFENSE - 20040709 wvWare Library Buffer Overflow Vulnerability

GENTOO - GLSA-200407-11

FEDORA - FLSA:1906

XF - wvware-wvhandledatetimepicture-bo(16660)

OSVDB - 7761

MANDRAKE - MDKSA-2004:077

CONFIRM - http://www.freebsd.org/ports/portaudit/7a5430df-d562-11d8-b479-02e0185c0b53.html

DEBIAN - DSA-579

CONFIRM - http://cpan.cybercomm.nl/pub/gentoo-portage/app-text/wv/files/wv-1.0.0-fix_overflow.patch

CONECTIVA - CLA-2004:863


Last Updated: 27 May 2016 10:38:42