RSS   Vulnerabilities for 'Openoffice'   RSS

2008-06-16
 
CVE-2008-2366

CWE-16
 

 
Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.

 
2008-04-17
 
CVE-2007-5745

 

 
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.

 
2007-12-05
 
CVE-2007-4575

 

 
HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."

 
2007-08-08
 
CVE-2007-4251

CWE-Other
 

 
OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.

 
2007-09-18
 
CVE-2007-2834

CWE-189
 

 
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

 
2007-06-12
 
CVE-2007-0245

CWE-119
 

 
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

 
2007-03-21
 
CVE-2007-0239

 

 
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.

 
 
CVE-2007-0238

CWE-119
 

 
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.

 
2006-12-18
 
CVE-2006-6628

CWE-Other
 

 
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.

 
2006-12-31
 
CVE-2006-5870

CWE-189
 

 
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.

 


Copyright 2021, cxsecurity.com

 

Back to Top