NASLDB: Debian DSA-2520-1 : openoffice.org - Multiple heap-based buffer overflows
General
ID: 61401
Name: Debian DSA-2520-1 : openoffice.org – Multiple heap-based buffer overflows
Summary: Checks dpkg output for the updated package
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 0
Family: Debian Local Security Checks
Type: Local
Description
Timo Warns from PRE-CERT discovered multiple heap-based buffer
overflows in OpenOffice.org, an office productivity suite. The issues
lies in the XML manifest encryption tag parsing code. Using specially
crafted files, an attacker can cause application crash and could cause
arbitrary code execution.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2012-2665
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2012/08/01
Plugin Release: 2012/08/03
Plugin
Version: 1.3
Filename: debian_DSA-2520.nasl
Filesize: 2924 bytes
MD5 Hash: a2579587d252265b086473d1b705bc29
Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l
Dependencies: "ssh_get_info.nasl"
Copyright: This script is© 2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack