Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2010:035 First vendor Publication 2010-02-11
Vendor Mandriva Last vendor Modification 2010-02-11
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follow:

An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow (CVE-2009-0200).

A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing (CVE-2009-0201).

A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file (CVE-2009-2139).

Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140).

OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736).

Further this update provides following bug fixes:

OpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard (#52195).

As the template desktop icons are not properly set, it's not presented under the context menu of applications like Dolphin (#56439).

The Firefox plugin which enables viewing of OpenOffice documents inside the browser was not enabled.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2010:035

CWE : Common Weakness Enumeration

% Id Name
75 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10726
 
Oval ID: oval:org.mitre.oval:def:10726
Title: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Description: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Family: unix Class: vulnerability
Reference(s): CVE-2009-0201
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10881
 
Oval ID: oval:org.mitre.oval:def:10881
Title: Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
Description: Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-0200
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11687
 
Oval ID: oval:org.mitre.oval:def:11687
Title: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
 Version: 6
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12656
 
Oval ID: oval:org.mitre.oval:def:12656
Title: DSA-1958-1 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl. For the stable distribution, this problem has been fixed in version 1.5.26-4+lenny1. For the oldstable distribution, this problem has been fixed in version 1.5.22-4+etch1. For the testing distribution and unstable distribution, this problem has been fixed in 2.2.6b-1. We recommend that you upgrade your libtool packages.
Family: unix Class: patch
Reference(s): DSA-1958-1
CVE-2009-3736
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13337
 
Oval ID: oval:org.mitre.oval:def:13337
Title: DSA-1880-1 openoffice.org -- several
Description: Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0200 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in an integer underflow that may lead to heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. CVE-2009-0201 Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. CVE-2009-2139 A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands the privileges of the user running OpenOffice.org/Go-oo. This vulnerability does not exist in the packages for oldstable, testing and unstable. For the old stable distribution these problems have been fixed in version 2.0.4.dfsg.2-7etch7. For the stable distribution these problems have been fixed in version 1:2.4.1+dfsg-1+lenny3 and higher. For the unstable and testing distribution these problems have been fixed in version 3.1.1~ooo310m15-1. We recommend that you upgrade your Openoffice.org package.
Family: unix Class: patch
Reference(s): DSA-1880-1
CVE-2009-0200
CVE-2009-0201
CVE-2009-2139
 Version: 7
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13951
 
Oval ID: oval:org.mitre.oval:def:13951
Title: USN-840-1 -- openoffice.org vulnerabilities
Description: Dyon Balding discovered flaws in the way OpenOffice.org handled tables. If a user were tricked into opening a specially crafted Word document, a remote attacker might be able to execute arbitrary code with user privileges. A memory overflow flaw was discovered in OpenOffice.org�s handling of EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges
Family: unix Class: patch
Reference(s): USN-840-1
CVE-2009-0200
CVE-2009-0201
CVE-2009-2139
 Version: 5
Platform(s): Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
 Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21943
 
Oval ID: oval:org.mitre.oval:def:21943
Title: RHSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): RHSA-2010:0039-01
CESA-2010:0039
CVE-2009-3736
 Version: 4
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22001
 
Oval ID: oval:org.mitre.oval:def:22001
Title: ELSA-2009:1426: openoffice.org security update (Important)
Description: Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to "table parsing."
Family: unix Class: patch
Reference(s): ELSA-2009:1426-01
CVE-2009-0200
CVE-2009-0201
 Version: 13
Platform(s): Oracle Linux 5
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23008
 
Oval ID: oval:org.mitre.oval:def:23008
Title: ELSA-2009:1646: libtool security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2009:1646-01
CVE-2009-3736
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23036
 
Oval ID: oval:org.mitre.oval:def:23036
Title: ELSA-2010:0039: gcc and gcc4 security update (Moderate)
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: patch
Reference(s): ELSA-2010:0039-01
CVE-2009-3736
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): gcc
gcc4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29111
 
Oval ID: oval:org.mitre.oval:def:29111
Title: RHSA-2009:1426 -- openoffice.org security update (Important)
Description: Updated openoffice.org packages that correct security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor, and a drawing program. An integer underflow flaw and a boundary error flaw, both possibly leading to a heap-based buffer overflow, were found in the way OpenOffice.org parses certain records in Microsoft Word documents. An attacker could create a specially-crafted Microsoft Word document, which once opened by an unsuspecting user, could cause OpenOffice.org to crash or, potentially, execute arbitrary code with the permissions of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported patches to correct these issues. All running instances of OpenOffice.org applications must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2009:1426
CESA-2009:1426-CentOS 3
CVE-2009-0200
CVE-2009-0201
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
 Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:29283
 
Oval ID: oval:org.mitre.oval:def:29283
Title: RHSA-2009:1646 -- libtool security update (Moderate)
Description: Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Family: unix Class: patch
Reference(s): RHSA-2009:1646
CESA-2009:1646-CentOS 3
CESA-2009:1646-CentOS 5
CVE-2009-3736
 Version: 3
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 3
CentOS Linux 5
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6951
 
Oval ID: oval:org.mitre.oval:def:6951
Title: GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
Description: ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3736
 Version: 6
Platform(s): VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7481
 
Oval ID: oval:org.mitre.oval:def:7481
Title: DSA-1958 libtool -- privilege escalation
Description: It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
Family: unix Class: patch
Reference(s): DSA-1958
CVE-2009-3736
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): libtool
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:8007
 
Oval ID: oval:org.mitre.oval:def:8007
Title: DSA-1880 openoffice.org -- several vulnerabilities
Description: Several vulnerabilities have been discovered in the OpenOffice.org office suite. The Common Vulnerabilities and Exposures project identifies the following problems: Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in an integer underflow that may lead to heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. Dyon Balding of Secunia Research has discovered a vulnerability, which can be exploited by opening a specially crafted Microsoft Word document. When reading a Microsoft Word document, a bug in the parser of sprmTDelete records can result in heap-based buffer overflows. Successful exploitation may allow arbitrary code execution in the context of the OpenOffice.org process. A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands the privileges of the user running OpenOffice.org/Go-oo. This vulnerability does not exist in the packages for oldstable, testing and unstable.
Family: unix Class: patch
Reference(s): DSA-1880
CVE-2009-0200
CVE-2009-0201
CVE-2009-2139
 Version: 5
Platform(s): Debian GNU/Linux 5.0
Debian GNU/Linux 4.0
 Product(s): openoffice.org
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 15
Application 4
Application 59
Application 13

OpenVAS Exploits

Date Description
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09 Name : CentOS Update for cpp CESA-2010:0039 centos5 i386
File : nvt/gb_CESA-2010_0039_cpp_centos5_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org CESA-2009:1426 centos3 i386
File : nvt/gb_CESA-2009_1426_openoffice.org_centos3_i386.nasl
2011-08-09 Name : CentOS Update for openoffice.org CESA-2009:1426 centos4 i386
File : nvt/gb_CESA-2009_1426_openoffice.org_centos4_i386.nasl
2011-08-09 Name : CentOS Update for libtool CESA-2009:1646 centos3 i386
File : nvt/gb_CESA-2009_1646_libtool_centos3_i386.nasl
2011-08-09 Name : CentOS Update for libtool CESA-2009:1646 centos4 i386
File : nvt/gb_CESA-2009_1646_libtool_centos4_i386.nasl
2011-08-09 Name : CentOS Update for libtool CESA-2009:1646 centos5 i386
File : nvt/gb_CESA-2009_1646_libtool_centos5_i386.nasl
2011-03-07 Name : Fedora Update for q FEDORA-2011-1967
File : nvt/gb_fedora_2011_1967_q_fc14.nasl
2011-03-07 Name : Fedora Update for q FEDORA-2011-1958
File : nvt/gb_fedora_2011_1958_q_fc13.nasl
2010-07-12 Name : Fedora Update for libtool FEDORA-2010-10640
File : nvt/gb_fedora_2010_10640_libtool_fc12.nasl
2010-07-12 Name : Fedora Update for gcc FEDORA-2010-10640
File : nvt/gb_fedora_2010_10640_gcc_fc12.nasl
2010-05-28 Name : Fedora Update for libprelude FEDORA-2010-8756
File : nvt/gb_fedora_2010_8756_libprelude_fc12.nasl
2010-05-28 Name : Mandriva Update for openoffice.org MDVSA-2010:105 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_105.nasl
2010-05-07 Name : Mandriva Update for openoffice.org MDVSA-2010:091 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_091.nasl
2010-04-16 Name : Mandriva Update for openoffice.org MDVSA-2010:075 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_075.nasl
2010-04-06 Name : Fedora Update for hamlib FEDORA-2010-4407
File : nvt/gb_fedora_2010_4407_hamlib_fc12.nasl
2010-04-06 Name : Fedora Update for hamlib FEDORA-2010-4352
File : nvt/gb_fedora_2010_4352_hamlib_fc11.nasl
2010-03-22 Name : Fedora Update for gnu-smalltalk FEDORA-2010-4392
File : nvt/gb_fedora_2010_4392_gnu-smalltalk_fc11.nasl
2010-03-22 Name : Mandriva Update for lvm2 MDVA-2010:105 (lvm2)
File : nvt/gb_mandriva_MDVA_2010_105.nasl
2010-03-22 Name : Fedora Update for gnu-smalltalk FEDORA-2010-4339
File : nvt/gb_fedora_2010_4339_gnu-smalltalk_fc12.nasl
2010-03-22 Name : Fedora Update for esorex FEDORA-2010-3314
File : nvt/gb_fedora_2010_3314_esorex_fc11.nasl
2010-03-22 Name : Fedora Update for esorex FEDORA-2010-3216
File : nvt/gb_fedora_2010_3216_esorex_fc12.nasl
2010-03-12 Name : Mandriva Update for slib MDVA-2010:091 (slib)
File : nvt/gb_mandriva_MDVA_2010_091.nasl
2010-03-12 Name : Mandriva Update for openoffice.org MDVSA-2010:056 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_056.nasl
2010-03-02 Name : Mandriva Update for phpmyadmin MDVA-2010:075 (phpmyadmin)
File : nvt/gb_mandriva_MDVA_2010_075.nasl
2010-03-02 Name : Fedora Update for gnash FEDORA-2010-1820
File : nvt/gb_fedora_2010_1820_gnash_fc12.nasl
2010-03-02 Name : Fedora Update for mingw32-libltdl FEDORA-2010-2943
File : nvt/gb_fedora_2010_2943_mingw32-libltdl_fc11.nasl
2010-03-02 Name : Fedora Update for gambas FEDORA-2010-1924
File : nvt/gb_fedora_2010_1924_gambas_fc11.nasl
2010-03-02 Name : Fedora Update for gambas FEDORA-2010-1872
File : nvt/gb_fedora_2010_1872_gambas_fc12.nasl
2010-03-02 Name : Fedora Update for gnash FEDORA-2010-1833
File : nvt/gb_fedora_2010_1833_gnash_fc11.nasl
2010-03-02 Name : Fedora Update for mingw32-libltdl FEDORA-2010-2341
File : nvt/gb_fedora_2010_2341_mingw32-libltdl_fc12.nasl
2010-02-15 Name : Mandriva Update for openoffice.org MDVSA-2010:035 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_035.nasl
2010-02-15 Name : Mandriva Update for samba MDVA-2010:056 (samba)
File : nvt/gb_mandriva_MDVA_2010_056.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos3 x86_64
File : nvt/gb_CESA-2010_0039_cpp_centos3_x86_64.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos3 i386
File : nvt/gb_CESA-2010_0039_cpp_centos3_i386.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos4 i386
File : nvt/gb_CESA-2010_0039_cpp_centos4_i386.nasl
2010-01-19 Name : CentOS Update for cpp CESA-2010:0039 centos4 x86_64
File : nvt/gb_CESA-2010_0039_cpp_centos4_x86_64.nasl
2010-01-19 Name : RedHat Update for gcc and gcc4 RHSA-2010:0039-01
File : nvt/gb_RHSA-2010_0039-01_gcc_and_gcc4.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12813 (gcc)
File : nvt/fcore_2009_12813.nasl
2009-12-30 Name : Fedora Core 11 FEDORA-2009-12725 (libtool)
File : nvt/fcore_2009_12725.nasl
2009-12-30 Name : Fedora Core 12 FEDORA-2009-12562 (libtool)
File : nvt/fcore_2009_12562.nasl
2009-12-30 Name : Debian Security Advisory DSA 1958-1 (libtool)
File : nvt/deb_1958_1.nasl
2009-12-14 Name : RedHat Security Advisory RHSA-2009:1646
File : nvt/RHSA_2009_1646.nasl
2009-12-14 Name : CentOS Security Advisory CESA-2009:1646 (libtool)
File : nvt/ovcesa2009_1646.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:307-1 (libtool)
File : nvt/mdksa_2009_307_1.nasl
2009-12-10 Name : Mandriva Security Advisory MDVSA-2009:318 (xmlsec1)
File : nvt/mdksa_2009_318.nasl
2009-12-03 Name : FreeBSD Ports: libtool
File : nvt/freebsd_libtool0.nasl
2009-09-24 Name : OpenOffice EMF Files Multiple Buffer Overflow Vulnerabilities (Linux)
File : nvt/secpod_openoffice_emf_mult_bof_vuln_lin.nasl
2009-09-24 Name : OpenOffice EMF Files Multiple Buffer Overflow Vulnerabilities (Win)
File : nvt/secpod_openoffice_emf_mult_bof_vuln_win.nasl
2009-09-21 Name : SuSE Security Summary SUSE-SR:2009:015
File : nvt/suse_sr_2009_015.nasl
2009-09-16 Name : OpenOffice EMF File Parser Remote Command Execution Vulnerability (Linux)
File : nvt/secpod_openoffice_emf_file_parser_vuln_lin.nasl
2009-09-16 Name : OpenOffice EMF File Parser Remote Command Execution Vulnerability (Win)
File : nvt/secpod_openoffice_emf_file_parser_vuln_win.nasl
2009-09-09 Name : Fedora Core 10 FEDORA-2009-9256 (openoffice.org)
File : nvt/fcore_2009_9256.nasl
2009-09-09 Name : CentOS Security Advisory CESA-2009:1426 (openoffice.org)
File : nvt/ovcesa2009_1426.nasl
2009-09-09 Name : RedHat Security Advisory RHSA-2009:1426
File : nvt/RHSA_2009_1426.nasl
2009-09-08 Name : OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Linux)
File : nvt/gb_openoffice_word_bof_vuln_lin.nasl
2009-09-08 Name : OpenOffice.org Word Documents Parsing Buffer Overflow Vulnerability (Win)
File : nvt/gb_openoffice_word_bof_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
60522 libtool libltdl ltdl.c Library Search Path Subversion Local Privilege Escalation
58383 Go-oo cppcanvas/source/mtfrenderer/emfplus.cxx EMF+ File Handling Multiple Ov...
58211 StarOffice / StarSuite Word Document Table Parsing Heap Overflow
58210 StarOffice / StarSuite Word Document Table Parsing Buffer Overflow
57860 Go-oo svtools/source/filter.vcl/wmf/enhwmf.cxx Crafted EMF File Handling Over...
57659 OpenOffice.org (OOo) Word Document Table Parsing Heap Overflow
57658 OpenOffice.org (OOo) Word Document Table Parsing Buffer Overflow

Snort® IPS/IDS

Date Description
2015-07-22 OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt
RuleID : 34925 - Revision : 2 - Type : FILE-OFFICE
2015-07-22 OpenOffice Word document table parsing sprmTDelete heap buffer overflow attempt
RuleID : 34924 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 OpenOffice Word document table parsing heap buffer overflow attempt
RuleID : 17665 - Revision : 8 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2016-03-08 Name : The remote VMware ESX / ESXi host is missing a security-related patch.
File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO
2014-12-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO
2014-09-01 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO
2013-11-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201311-10.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2013-01-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20090904_openoffice_org_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20091208_libtool_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100113_gcc_and_gcc4_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2011-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1967.nasl - Type : ACT_GATHER_INFO
2011-03-04 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1958.nasl - Type : ACT_GATHER_INFO
2011-03-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-1990.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-6469.nasl - Type : ACT_GATHER_INFO
2011-01-21 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-090828.nasl - Type : ACT_GATHER_INFO
2010-10-11 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libtool-6683.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-035.nasl - Type : ACT_GATHER_INFO
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-075.nasl - Type : ACT_GATHER_INFO
2010-07-07 Name : The remote Fedora host is missing one or more security updates.
File : fedora_2010-10640.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4339.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1924.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1872.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-2341.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1833.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-1820.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-2943.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3216.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-3314.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4098.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-8756.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4407.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4392.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4352.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-4340.nasl - Type : ACT_GATHER_INFO
2010-06-01 Name : The remote VMware ESXi / ESX host is missing one or more security-related pat...
File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO
2010-05-24 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-105.nasl - Type : ACT_GATHER_INFO
2010-03-08 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-056.nasl - Type : ACT_GATHER_INFO
2010-03-01 Name : The remote SuSE 9 host is missing a security-related patch.
File : suse9_12554.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1958.nasl - Type : ACT_GATHER_INFO
2010-02-24 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1880.nasl - Type : ACT_GATHER_INFO
2010-01-15 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-14 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0039.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libtool-6678.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libltdl7-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_libltdl-3-091201.nasl - Type : ACT_GATHER_INFO
2010-01-05 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_libltdl-3-091202.nasl - Type : ACT_GATHER_INFO
2009-12-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12562.nasl - Type : ACT_GATHER_INFO
2009-12-30 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12813.nasl - Type : ACT_GATHER_INFO
2009-12-22 Name : The remote Fedora host is missing a security update.
File : fedora_2009-12725.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-09 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1646.nasl - Type : ACT_GATHER_INFO
2009-12-07 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-318.nasl - Type : ACT_GATHER_INFO
2009-12-01 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2009-307.nasl - Type : ACT_GATHER_INFO
2009-11-30 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_77c14729dc5e11de92ae02e0184b8d35.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_OpenOffice_org-6421.nasl - Type : ACT_GATHER_INFO
2009-10-02 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-840-1.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-090829.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_OpenOffice_org-math-090810.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_OpenOffice_org-090810.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2009-1426.nasl - Type : ACT_GATHER_INFO
2009-09-04 Name : The remote Fedora host is missing a security update.
File : fedora_2009-9256.nasl - Type : ACT_GATHER_INFO
2009-09-01 Name : The remote Windows host has a program affected by multiple buffer overflows.
File : openoffice_311.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:41:15
  • Multiple Updates