Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3455

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2012-3455
Last Modified 11 Oct 2012 11:29:28
Published 20 Aug 2012 03:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3455

Summary

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Vulnerable Systems

Application

  • Kde Koffice 1.2

  • Kde Koffice 1.2.1

  • Kde Koffice 1.3

  • Kde Koffice 1.3.1

  • Kde Koffice 1.3.2

  • Kde Koffice 1.3.3

  • Kde Koffice 1.3.4

  • Kde Koffice 1.3.5

  • Kde Koffice 1.4

  • Kde Koffice 1.4.1

  • Kde Koffice 1.4.2

  • Kde Koffice 1.6.1

  • Kde Koffice 2.3.3


References

XF - koffice-kword-odf-bo(77483)

BID - 54816

MLIST - [oss-security] 20120810 Re: CVE request for Calligra

MLIST - [oss-security] 20120806 Re: CVE request for Calligra

MLIST - [oss-security] 20120805 Re: CVE request for Calligra

MLIST - [oss-security] 20120804 Re: CVE request for Calligra

MLIST - [oss-security] 20120804 CVE request for Calligra

CONFIRM - http://www.kde.org/info/security/advisory-20120810-1.txt

SECUNIA - 50199

MISC - http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf

UBUNTU - USN-1526-1

SUSE - openSUSE-SU-2012:1060


Last Updated: 27 May 2016 10:57:36