Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5747

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5747
Last Modified 11 Oct 2011 12:00:00
Published 17 Apr 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5747

Summary

Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.

Vulnerable Systems

Application

  • Sun Openoffice.org 1.1.0

  • Sun Openoffice.org 2.0.0

  • Sun Openoffice.org 2.1.0

  • Sun Openoffice.org 2.2.0

  • Sun Openoffice.org 2.3.0


References

CONFIRM - http://www.openoffice.org/security/cves/CVE-2007-5745.html

CONFIRM - http://www.openoffice.org/security/bulletin.html

DEBIAN - DSA-1547

FEDORA - FEDORA-2008-3251

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=435681

XF - openoffice-quattropro-code-execution(41881)

VUPEN - ADV-2008-1375

VUPEN - ADV-2008-1253

UBUNTU - USN-609-1

SECTRACK - 1019891

BID - 28819

REDHAT - RHSA-2008:0175

CONFIRM - http://www.openoffice.org/security/cves/CVE-2007-4770.html

SUSE - SUSE-SA:2008:023

MANDRIVA - MDVSA-2008:095

SUNALERT - 231601

GENTOO - GLSA-200805-16

SECUNIA - 30179

SECUNIA - 30100

SECUNIA - 29987

SECUNIA - 29913

SECUNIA - 29910

SECUNIA - 29871

SECUNIA - 29864

SECUNIA - 29852

IDEFENSE - 20080417 Multiple Vendor OpenOffice QPRO File Parsing Integer Underflow Vulnerability


Last Updated: 27 May 2016 10:46:16