Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-3456
Last Modified 29 Jan 2013 11:52:33
Published 20 Aug 2012 02:55:03
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-3456

Summary

Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.

Vulnerable Systems

Application

  • Calligra 2.4

  • Calligra 2.4.1

  • Calligra 2.4.2

  • Calligra 2.4.3


References

XF - calligra-styles-bo(77482)

BID - 54816

MLIST - [oss-security] 20120810 Re: CVE request for Calligra

MLIST - [oss-security] 20120806 Re: CVE request for Calligra

MLIST - [oss-security] 20120805 Re: CVE request for Calligra

MLIST - [oss-security] 20120804 Re: CVE request for Calligra

MLIST - [oss-security] 20120804 CVE request for Calligra

CONFIRM - http://www.kde.org/info/security/advisory-20120810-1.txt

SECUNIA - 50050

MISC - http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf

UBUNTU - USN-1525-1

SUSE - openSUSE-SU-2012:1061


Last Updated: 27 May 2016 11:00:32