OpenOffice DOC Memory Corruption

2013.07.29
Credit: Herbert Durr
Risk: High
Local: Yes
Remote: No
CWE: N/A


Ogólna skala CVSS: 6.8/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

CVE-2013-2189 OpenOffice DOC Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 to 3.4.1 on all platforms. Predecessor versions of OpenOffice.org may be also affected. Description: The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Mitigation: Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents. Credits: The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw. Herbert Drr Member of the Apache OpenOffice Security Team


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top