Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0213

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-0213
Last Modified 17 Jan 2014 12:01:03
Published 07 Aug 2012 05:55:01
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-0213

Summary

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

Vulnerable Systems

Application

  • Apache Poi 0.1

  • Apache Poi 0.10.0

  • Apache Poi 0.11.0

  • Apache Poi 0.12.0

  • Apache Poi 0.13.0

  • Apache Poi 0.14.0

  • Apache Poi 0.2

  • Apache Poi 0.3

  • Apache Poi 0.4

  • Apache Poi 0.5

  • Apache Poi 0.6

  • Apache Poi 0.7

  • Apache Poi 1.0.0

  • Apache Poi 1.0.1

  • Apache Poi 1.0.2

  • Apache Poi 1.1.0

  • Apache Poi 1.10

  • Apache Poi 1.2.0

  • Apache Poi 1.5

  • Apache Poi 1.5.1

  • Apache Poi 1.7

  • Apache Poi 1.8

  • Apache Poi 2.0

  • Apache Poi 2.5

  • Apache Poi 2.5.1

  • Apache Poi 3.0

  • Apache Poi 3.0.1

  • Apache Poi 3.0.2

  • Apache Poi 3.1

  • Apache Poi 3.2

  • Apache Poi 3.5

  • Apache Poi 3.6

  • Apache Poi 3.7

  • Apache Poi 3.8


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=799078

DEBIAN - DSA-2468

SECUNIA - 49040

FEDORA - FEDORA-2012-10835

SECUNIA - 50549

REDHAT - RHSA-2012:1232

CONFIRM - https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044

MANDRIVA - MDVSA-2013:094


Last Updated: 27 May 2016 10:53:35