Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0941

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-0941
Last Modified 21 Aug 2010 12:27:17
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-0941

Summary

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

Vulnerable Systems

Application

  • Openoffice 1.0.1

  • Openoffice 1.0.2

  • Openoffice 1.1.0

  • Openoffice 1.1.1

  • Openoffice 1.1.2

  • Openoffice 1.1.3

  • Openoffice 1.1.4


References

BID - 13092

BUGTRAQ - 20050412 OpenOffice DOC document Heap Overflow

REDHAT - RHSA-2005:375

CONFIRM - http://www.openoffice.org/issues/show_bug.cgi?id=46388

GENTOO - GLSA-200504-13

SUSE - SUSE-SR:2005:021

SECUNIA - 17027


Last Updated: 27 May 2016 10:39:58