Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2972

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2005-2972
Last Modified 06 Sep 2011 12:00:00
Published 23 Oct 2005 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2005-2972

Summary

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.

Vulnerable Systems

Application

  • Abisource Community Abiword 2.2.10


References

GENTOO - GLSA-200510-17

VUPEN - ADV-2005-2086

UBUNTU - USN-203-1

BID - 15096

OSVDB - 20015

MISC - http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html

DEBIAN - DSA-894

CONFIRM - http://www.abisource.com/changelogs/2.2.11.phtml

SECUNIA - 17551

SECUNIA - 17264

SECUNIA - 17213

SECUNIA - 17200

SECUNIA - 17199

MISC - http://scary.beasts.org/security/CESA-2005-006.txt


Last Updated: 27 May 2016 10:40:42