Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2149

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-2149
Last Modified 24 Oct 2014 02:32:58
Published 21 Jun 2012 11:55:12
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2149

Summary

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.

Vulnerable Systems

Application

  • Apache Openoffice.org 3.3

  • Apache Openoffice.org 3.4

  • Fridrich Strba Libwpd 0.8.8


References

MISC - https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt

BID - 53570

CONFIRM - http://www.openoffice.org/security/cves/CVE-2012-2149.html

SECUNIA - 46992

MISC - http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html

REDHAT - RHSA-2012:1043

SECTRACK - 1027069

BUGTRAQ - 20120516 CVE-2012-2149 OpenOffice.org memory overwrite vulnerability

GENTOO - GLSA-201408-19

SECUNIA - 60799

Related Patches

Red Hat 2012:1043-01 RHSA Important: libwpd security update for RHEL 5 x86

Red Hat 2012:1043-01 RHSA Important: libwpd security update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:56:34