Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5746

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5746
Last Modified 07 Mar 2011 12:00:00
Published 17 Apr 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5746

Summary

Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Openoffice.org 2.0.3

  • Openoffice.org 2.1

  • Openoffice.org 2.2

  • Openoffice.org 2.2.1

  • Openoffice.org 2.3

  • Openoffice.org 2.3.1


References

FEDORA - FEDORA-2008-3251

XF - openoffice-emf-bo(41861)

VUPEN - ADV-2008-1375

VUPEN - ADV-2008-1253

UBUNTU - USN-609-1

SECTRACK - 1019892

BID - 28819

REDHAT - RHSA-2008:0176

REDHAT - RHSA-2008:0175

CONFIRM - http://www.openoffice.org/security/cves/CVE-2007-5746.html

CONFIRM - http://www.openoffice.org/security/cves/CVE-2007-5745.html

CONFIRM - http://www.openoffice.org/security/cves/CVE-2007-4770.html

CONFIRM - http://www.openoffice.org/security/bulletin.html

SUSE - SUSE-SA:2008:023

MANDRIVA - MDVSA-2008:095

MANDRIVA - MDVSA-2008:090

DEBIAN - DSA-1547

SUNALERT - 231661

GENTOO - GLSA-200805-16

SECUNIA - 30179

SECUNIA - 30100

SECUNIA - 29987

SECUNIA - 29913

SECUNIA - 29910

SECUNIA - 29871

SECUNIA - 29864

SECUNIA - 29852

SECUNIA - 29844

IDEFENSE - 20080417 Multiple Vendor OpenOffice EMF EMR_BITBLT Record Integer Overflow Vulnerability


Last Updated: 27 May 2016 10:46:16