Vulnerability CVE-2007-2834


Published: 2007-09-18   Modified: 2012-02-12

Description:
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Type:

CWE-189

(Numeric Errors)

Vendor: SUN
Product: Staroffice 
Version:
8.0
7.0
6.0
Product: Starsuite 
Vendor: Redhat
Product: Fedora core 
Version: 6;
Product: Enterprise linux 
Version:
5.0
4.0
3.0
Product: Linux 
Version: 4.0; 3.0;
Vendor: Debian
Product: Debian linux 
Version: 4.0; 3.1;
Vendor: Openoffice
Product: Openoffice 
Version:
2.2.1
2.0.4
1.1.3

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://bugs.gentoo.org/show_bug.cgi?id=192818
http://fedoranews.org/updates/FEDORA-2007-237.shtml
http://fedoranews.org/updates/FEDORA-2007-700.shtml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593
http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html
http://security.gentoo.org/glsa/glsa-200710-24.xml
http://securitytracker.com/id?1018702
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1
http://www.debian.org/security/2007/dsa-1375
http://www.mandriva.com/security/advisories?name=MDKSA-2007:186
http://www.openoffice.org/security/cves/CVE-2007-2834.html
http://www.redhat.com/support/errata/RHSA-2007-0848.html
http://www.securityfocus.com/archive/1/479965/100/0/threaded
http://www.securityfocus.com/bid/25690
http://www.ubuntu.com/usn/usn-524-1
http://www.vupen.com/english/advisories/2007/3184
http://www.vupen.com/english/advisories/2007/3262
https://exchange.xforce.ibmcloud.com/vulnerabilities/36656
https://issues.rpath.com/browse/RPL-1740
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967

Related CVE
CVE-2010-2936
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint doc...
CVE-2010-2935
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or pos...
CVE-2009-3569
Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as ...
CVE-2009-3570
Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However,...
CVE-2009-3571
Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no action...
CVE-2009-0259
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as e...
CVE-2009-0200
Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
CVE-2009-0201
Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."

Copyright 2019, cxsecurity.com

 

Back to Top