Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 9.3
CVE Id: CVE-2009-2949
Last Modified: 13 Nov 2014 09:59:29
Published: 16 Feb 2010 02:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-2949

Summary

Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Sun Openoffice.org 1.1.0

  • Sun Openoffice.org 2.0.0

  • Sun Openoffice.org 2.0.3

  • Sun Openoffice.org 2.1.0

  • Sun Openoffice.org 2.2.0

  • Sun Openoffice.org 2.2.1

  • Sun Openoffice.org 2.3.0

  • Sun Openoffice.org 2.3.1

  • Sun Openoffice.org 2.4.0

  • Sun Openoffice.org 2.4.1

  • Sun Openoffice.org 2.4.2

  • Sun Openoffice.org 2.4.3

  • Sun Openoffice.org 3.0.0

  • Sun Openoffice.org 3.0.1

  • Sun Openoffice.org 3.1.0

  • Sun Openoffice.org 3.1.1


References

CERT - TA10-287A

VUPEN - ADV-2010-0366

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=527540

XF - openoffice-xpm-bo(56236)

VUPEN - ADV-2010-2905

VUPEN - ADV-2010-0635

UBUNTU - USN-903-1

BID - 38218

REDHAT - RHSA-2010:0101

CONFIRM - http://www.openoffice.org/security/cves/CVE-2009-2949.html

CONFIRM - http://www.openoffice.org/security/bulletin.html

MANDRIVA - MDVSA-2010:221

DEBIAN - DSA-1995

SECTRACK - 1023591

SECUNIA - 38921

SECUNIA - 38695

SECUNIA - 38568

SECUNIA - 38567

SUSE - SUSE-SA:2010:017

GENTOO - GLSA-201408-19

SECUNIA - 60799

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html

SECUNIA - 41818


Last Updated: 27 May 2016 10:52:00