Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2012-2665
Last Modified 13 Nov 2014 10:00:43
Published 06 Aug 2012 02:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-2665

Summary

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

Vulnerable Systems

Application

  • LibreOffice 3.5.

  • LibreOffice 3.5.0

  • LibreOffice 3.5.1

  • LibreOffice 3.5.2

  • LibreOffice 3.5.3

  • LibreOffice 3.5.4

  • Sun OpenOffice.org


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=826077

SECTRACK - 1027332

SECTRACK - 1027331

SECUNIA - 50146

SECUNIA - 50142

REDHAT - RHSA-2012:1135

UBUNTU - USN-1537-1

UBUNTU - USN-1536-1

DEBIAN - DSA-2520

BID - 54769

GENTOO - GLSA-201209-05

SECUNIA - 50692

GENTOO - GLSA-201408-19

SECUNIA - 60799

MISC - http://www.pre-cert.de/advisories/PRE-SA-2012-05.txt

CONFIRM - http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665/

Related Patches

Red Hat 2012:1136-01 RHSA Important: openoffice.org security update for RHEL 5 x86

Red Hat 2012:1136-01 RHSA Important: openoffice.org security update for RHEL 5 x86_64


Last Updated: 27 May 2016 10:55:02