Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2012:124 | First vendor Publication | 2012-08-04 |
Vendor | Mandriva | Last vendor Modification | 2012-08-04 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue was identified and fixed in openoffice.org: Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of openoffice.org. An attacker could create a specially crafted file in the Open Document Format for Office Applications (ODF) format which, when opened, could cause arbitrary code execution (CVE-2012-2665). The updated packages have been patched to correct this issue. |
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2012:124 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:17974 | |||
Oval ID: | oval:org.mitre.oval:def:17974 | ||
Title: | USN-1536-1 -- libreoffice vulnerability | ||
Description: | LibreOffice could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1536-1 CVE-2012-2665 | Version: | 5 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.10 Ubuntu 11.04 | Product(s): | libreoffice |
Definition Id: oval:org.mitre.oval:def:18059 | |||
Oval ID: | oval:org.mitre.oval:def:18059 | ||
Title: | USN-1537-1 -- openoffice.org vulnerability | ||
Description: | OpenOffice.org could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1537-1 CVE-2012-2665 | Version: | 5 |
Platform(s): | Ubuntu 10.04 | Product(s): | openoffice.org |
Definition Id: oval:org.mitre.oval:def:19447 | |||
Oval ID: | oval:org.mitre.oval:def:19447 | ||
Title: | DSA-2520-1 openoffice.org - Multiple heap-based buffer overflows | ||
Description: | Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issue lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause application crash and could cause arbitrary code execution. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2520-1 CVE-2012-2665 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | openoffice.org |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-24 | Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Mac OS X) File : nvt/gb_libreoffice_xml_manifest_bof_vuln_macosx.nasl |
2012-12-24 | Name : LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities (Windows) File : nvt/gb_libreoffice_xml_manifest_bof_vuln_win.nasl |
2012-12-24 | Name : OpenOffice Multiple Buffer Overflow Vulnerabilities - Dec12 (Windows) File : nvt/gb_openoffice_mult_bof_vuln_dec12_win.nasl |
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice) File : nvt/glsa_201209_05.nasl |
2012-08-14 | Name : Fedora Update for libreoffice FEDORA-2012-11402 File : nvt/gb_fedora_2012_11402_libreoffice_fc16.nasl |
2012-08-14 | Name : Ubuntu Update for libreoffice USN-1536-1 File : nvt/gb_ubuntu_USN_1536_1.nasl |
2012-08-14 | Name : Ubuntu Update for openoffice.org USN-1537-1 File : nvt/gb_ubuntu_USN_1537_1.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2520-1 (openoffice.org) File : nvt/deb_2520_1.nasl |
2012-08-03 | Name : CentOS Update for autocorr-af CESA-2012:1135 centos6 File : nvt/gb_CESA-2012_1135_autocorr-af_centos6.nasl |
2012-08-03 | Name : CentOS Update for openoffice.org-base CESA-2012:1136 centos5 File : nvt/gb_CESA-2012_1136_openoffice.org-base_centos5.nasl |
2012-08-03 | Name : RedHat Update for libreoffice RHSA-2012:1135-01 File : nvt/gb_RHSA-2012_1135-01_libreoffice.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1135.nasl - Type : ACT_GATHER_INFO |
2012-12-14 | Name : The remote host has an application installed that is affected by multiple vul... File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2012-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-123.nasl - Type : ACT_GATHER_INFO |
2012-08-30 | Name : The remote Windows host has a program affected by multiple heap-based buffer ... File : openoffice_341.nasl - Type : ACT_GATHER_INFO |
2012-08-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1536-1.nasl - Type : ACT_GATHER_INFO |
2012-08-14 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1537-1.nasl - Type : ACT_GATHER_INFO |
2012-08-13 | Name : The remote Fedora host is missing a security update. File : fedora_2012-11402.nasl - Type : ACT_GATHER_INFO |
2012-08-06 | Name : The remote host contains an application that is affected by multiple buffer o... File : libreoffice_355.nasl - Type : ACT_GATHER_INFO |
2012-08-06 | Name : The remote host contains an application that is affected by multiple buffer o... File : macosx_libreoffice_355.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1135.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2520.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120801_libreoffice_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120801_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1136.nasl - Type : ACT_GATHER_INFO |
2012-08-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1135.nasl - Type : ACT_GATHER_INFO |
2012-08-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1136.nasl - Type : ACT_GATHER_INFO |