Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2012-2334 First vendor Publication 2012-06-19
Vendor Cve Last vendor Modification 2023-02-13

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:17416
 
Oval ID: oval:org.mitre.oval:def:17416
Title: USN-1495-1 -- libreoffice, libreoffice-l10n vulnerabilities
Description: LibreOffice could be made to crash or potentially run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1495-1
CVE-2012-1149
CVE-2012-2334
 Version: 5
Platform(s): Ubuntu 11.10
Ubuntu 11.04
 Product(s): libreoffice
libreoffice-l10n
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:17917
 
Oval ID: oval:org.mitre.oval:def:17917
Title: USN-1496-1 -- openoffice.org vulnerabilities
Description: OpenOffice.org could be made to crash or potentially run programs as your login if it opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1496-1
CVE-2011-2685
CVE-2011-2713
CVE-2012-1149
CVE-2012-2334
 Version: 5
Platform(s): Ubuntu 10.04
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:18515
 
Oval ID: oval:org.mitre.oval:def:18515
Title: DSA-2487-1 openoffice.org - buffer overflow
Description: It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.
Family: unix Class: patch
Reference(s): DSA-2487-1
CVE-2012-1149
CVE-2012-2334
 Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21322
 
Oval ID: oval:org.mitre.oval:def:21322
Title: RHSA-2012:0705: openoffice.org security update (Important)
Description: Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): RHSA-2012:0705-01
CESA-2012:0705
CVE-2012-1149
CVE-2012-2334
 Version: 29
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
CentOS Linux 5
CentOS Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22901
 
Oval ID: oval:org.mitre.oval:def:22901
Title: DEPRECATED: ELSA-2012:0705: openoffice.org security update (Important)
Description: Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): ELSA-2012:0705-01
CVE-2012-1149
CVE-2012-2334
 Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23553
 
Oval ID: oval:org.mitre.oval:def:23553
Title: ELSA-2012:0705: openoffice.org security update (Important)
Description: Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.
Family: unix Class: patch
Reference(s): ELSA-2012:0705-01
CVE-2012-1149
CVE-2012-2334
 Version: 13
Platform(s): Oracle Linux 5
Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27750
 
Oval ID: oval:org.mitre.oval:def:27750
Title: DEPRECATED: ELSA-2012-0705 -- openoffice.org security update (important)
Description: [1:3.2.1-19.6.0.1.el6_2.7] - Replaced RedHat colors with Oracle colors, OOO_VENDOR with Oracle Corp., and the filename redhat.soc with oracle.soc in specfile [1:3.2.1-19.6.7] - Resolves: CVE-2012-2334 Integer overflow leading to buffer overflow by processing invalid Escher graphics records length in the Powerpoint documents [1:3.2.1-19.6.6] - Resolves: CVE-2012-1149 Integer overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations
Family: unix Class: patch
Reference(s): ELSA-2012-0705
CVE-2012-1149
CVE-2012-2334
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): openoffice.org
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 55

OpenVAS Exploits

Date Description
2012-08-30 Name : Debian Security Advisory DSA 2487-1 (openoffice.org)
File : nvt/deb_2487_1.nasl
2012-08-14 Name : Fedora Update for libreoffice FEDORA-2012-11402
File : nvt/gb_fedora_2012_11402_libreoffice_fc16.nasl
2012-08-03 Name : Mandriva Update for libreoffice MDVSA-2012:091 (libreoffice)
File : nvt/gb_mandriva_MDVSA_2012_091.nasl
2012-07-30 Name : CentOS Update for autocorr-af CESA-2012:0705 centos6
File : nvt/gb_CESA-2012_0705_autocorr-af_centos6.nasl
2012-07-30 Name : CentOS Update for openoffice.org-base CESA-2012:0705 centos5
File : nvt/gb_CESA-2012_0705_openoffice.org-base_centos5.nasl
2012-07-03 Name : Ubuntu Update for libreoffice USN-1495-1
File : nvt/gb_ubuntu_USN_1495_1.nasl
2012-07-03 Name : Ubuntu Update for openoffice.org USN-1496-1
File : nvt/gb_ubuntu_USN_1496_1.nasl
2012-06-15 Name : Fedora Update for libreoffice FEDORA-2012-8114
File : nvt/gb_fedora_2012_8114_libreoffice_fc15.nasl
2012-06-08 Name : RedHat Update for openoffice.org RHSA-2012:0705-01
File : nvt/gb_RHSA-2012_0705-01_openoffice.org.nasl

Nessus® Vulnerability Scanner

Date Description
2014-09-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0705.nasl - Type : ACT_GATHER_INFO
2012-12-14 Name : The remote host has an application installed that is affected by multiple vul...
File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-091.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120604_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-07-03 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1495-1.nasl - Type : ACT_GATHER_INFO
2012-07-03 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1496-1.nasl - Type : ACT_GATHER_INFO
2012-06-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2487.nasl - Type : ACT_GATHER_INFO
2012-06-14 Name : The remote Fedora host is missing a security update.
File : fedora_2012-8114.nasl - Type : ACT_GATHER_INFO
2012-06-06 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0705.nasl - Type : ACT_GATHER_INFO
2012-06-05 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0705.nasl - Type : ACT_GATHER_INFO
2012-05-18 Name : The remote Windows host has a program affected by multiple memory corruption ...
File : openoffice_34.nasl - Type : ACT_GATHER_INFO
2012-05-17 Name : The remote host contains an application affected by multiple memory corruptio...
File : libreoffice_353.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/53570
BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html
CONFIRM http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191...
http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc303...
http://www.libreoffice.org/advisories/cve-2012-2334/
http://www.openoffice.org/security/cves/CVE-2012-2334.html
DEBIAN http://www.debian.org/security/2012/dsa-2487
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html
GENTOO http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2012:090
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091
MISC https://bugzilla.redhat.com/show_bug.cgi?id=821803
MLIST http://www.openwall.com/lists/oss-security/2012/05/28/2
OSVDB http://www.osvdb.org/82517
REDHAT http://rhn.redhat.com/errata/RHSA-2012-0705.html
SECTRACK http://securitytracker.com/id?1027070
SECUNIA http://secunia.com/advisories/46992
http://secunia.com/advisories/47244
http://secunia.com/advisories/49373
http://secunia.com/advisories/49392
http://secunia.com/advisories/60799
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/75695

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Date Informations
2023-02-13 09:28:45
  • Multiple Updates
2023-02-02 21:28:43
  • Multiple Updates
2021-05-04 12:19:52
  • Multiple Updates
2021-04-22 01:23:34
  • Multiple Updates
2020-05-23 01:48:45
  • Multiple Updates
2020-05-23 00:33:36
  • Multiple Updates
2019-06-13 12:04:42
  • Multiple Updates
2018-02-28 12:01:05
  • Multiple Updates
2017-08-29 09:23:49
  • Multiple Updates
2016-06-28 19:08:13
  • Multiple Updates
2016-04-26 21:48:15
  • Multiple Updates
2014-10-24 13:25:57
  • Multiple Updates
2014-09-02 13:24:31
  • Multiple Updates
2014-02-17 11:10:10
  • Multiple Updates
2013-05-10 22:38:57
  • Multiple Updates