6.8 - SUN-231601

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Sun Alert 231601 Security Vulnerability With Quattro Pro Files in StarOffice 8/StarSuite 8

Informations
Name	SUN-231601	First vendor Publication	2008-04-25
Vendor	Sun	Last vendor Modification	2008-04-25
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: StarOffice 8, StarSuite 8

A security vulnerability with the way StarOffice/StarSuite 8 processes Quattro Pro files may allow a remote unprivileged user who provides a Quattro Pro document that is opened by a local user with StarOffice/StarSuite 8 to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite.

Sun would like to acknowledge with thanks, an anonymous researcher working with the iDefense VCP (http://labs.idefense.com/vcp/).

This issue is also described in the following documents:

CVE-2007-5745 at http://www.security-database.com/detail.php?cve=CVE-2007-5745

CVE-2007-5747 at http://www.security-database.com/detail.php?cve=CVE-2007-5747

State: Resolved

First released: 25-Apr-2008

Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-231601-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_231601_security_vulnerability

CWE : Common Weakness Enumeration

%	Id	Name
50 %	CWE-189	Numeric Errors (CWE/SANS Top 25)
50 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11006

Oval ID:	oval:org.mitre.oval:def:11006
Title:	Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
Description:	Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5745	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openoffice.org2-langpack-lt_LT is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nn_NO is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ga_IE is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zh_CN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-javafilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-he_IL is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-draw is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ko_KR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ca_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-base is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-fr is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pa_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-da_DK is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-emailmerge is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pt_PT is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-es is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sv is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ms_MY is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-cs_CZ is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-xsltfilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ja_JP is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hu_HU is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zh_TW is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sl_SI is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-de is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-pyuno is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2 is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-tr_TR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-impress is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ar is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-bn is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pt_BR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-af_ZA is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pl_PL is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-calc is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zu_ZA is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-fi_FI is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sk_SK is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hi_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nb_NO is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-th_TH is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-et_EE is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-gl_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-it is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hr_HR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ta_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-gu_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-testtools is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-eu_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-el_GR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-core is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ru is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-bg_BG is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nl is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sr_CS is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-cy_GB is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-math is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-graphicfilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-writer is earlier than 0:2.0.4-5.7.0.4.0 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section openoffice.org-langpack-sk_SK is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zu_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pa_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hi_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-et_EE is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-kn_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zh_TW is earlier than 0:2.0.4-5.4.26 AND openoffice.org-writer is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ve_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ga_IE is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ta_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ko_KR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-or_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-da_DK is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sr_CS is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pl_PL is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-fr is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ts_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-javafilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-as_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-testtools is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hr_HR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-de is earlier than 0:2.0.4-5.4.26 AND openoffice.org-emailmerge is earlier than 0:2.0.4-5.4.26 AND openoffice.org-xsltfilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-tn_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-te_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sv is earlier than 0:2.0.4-5.4.26 AND openoffice.org-base is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ca_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nr_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-core is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nl is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ur is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nn_NO is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ar is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ja_JP is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-gu_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-tr_TR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-eu_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-fi_FI is earlier than 0:2.0.4-5.4.26 AND openoffice.org-graphicfilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-pyuno is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ml_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-gl_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zh_CN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-xh_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-it is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-es is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nb_NO is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sl_SI is earlier than 0:2.0.4-5.4.26 AND openoffice.org-draw is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nso_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ms_MY is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-el_GR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hu_HU is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ss_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-bn is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-he_IL is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pt_PT is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-lt_LT is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-af_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-bg_BG is earlier than 0:2.0.4-5.4.26 AND openoffice.org-calc is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-cs_CZ is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-cy_GB is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-mr_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-th_TH is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pt_BR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ru is earlier than 0:2.0.4-5.4.26 AND openoffice.org-math is earlier than 0:2.0.4-5.4.26 AND openoffice.org-impress is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-st_ZA is earlier than 0:2.0.4-5.4.26

Definition Id: oval:org.mitre.oval:def:11298

Oval ID:	oval:org.mitre.oval:def:11298
Title:	Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.
Description:	Integer underflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted values that trigger an excessive loop and a stack-based buffer overflow.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5747	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openoffice.org2-langpack-lt_LT is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nn_NO is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ga_IE is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zh_CN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-javafilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-he_IL is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-draw is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ko_KR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ca_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-base is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-fr is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pa_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-da_DK is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-emailmerge is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pt_PT is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-es is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sv is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ms_MY is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-cs_CZ is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-xsltfilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ja_JP is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hu_HU is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zh_TW is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sl_SI is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-de is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-pyuno is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2 is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-tr_TR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-impress is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ar is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-bn is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pt_BR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-af_ZA is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-pl_PL is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-calc is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-zu_ZA is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-fi_FI is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sk_SK is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hi_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nb_NO is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-th_TH is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-et_EE is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-gl_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-it is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-hr_HR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ta_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-gu_IN is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-testtools is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-eu_ES is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-el_GR is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-core is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-ru is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-bg_BG is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-nl is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-sr_CS is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-langpack-cy_GB is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-math is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-graphicfilter is earlier than 0:2.0.4-5.7.0.4.0 AND openoffice.org2-writer is earlier than 0:2.0.4-5.7.0.4.0 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section openoffice.org-langpack-sk_SK is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zu_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pa_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hi_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-et_EE is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-kn_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zh_TW is earlier than 0:2.0.4-5.4.26 AND openoffice.org-writer is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ve_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ga_IE is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ta_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ko_KR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-or_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-da_DK is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sr_CS is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pl_PL is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-fr is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ts_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-javafilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-as_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-testtools is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hr_HR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-de is earlier than 0:2.0.4-5.4.26 AND openoffice.org-emailmerge is earlier than 0:2.0.4-5.4.26 AND openoffice.org-xsltfilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-tn_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-te_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sv is earlier than 0:2.0.4-5.4.26 AND openoffice.org-base is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ca_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nr_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-core is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nl is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ur is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nn_NO is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ar is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ja_JP is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-gu_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-tr_TR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-eu_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-fi_FI is earlier than 0:2.0.4-5.4.26 AND openoffice.org-graphicfilter is earlier than 0:2.0.4-5.4.26 AND openoffice.org-pyuno is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ml_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-gl_ES is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-zh_CN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-xh_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-it is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-es is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nb_NO is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-sl_SI is earlier than 0:2.0.4-5.4.26 AND openoffice.org-draw is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-nso_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ms_MY is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-el_GR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-hu_HU is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ss_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-bn is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-he_IL is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pt_PT is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-lt_LT is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-af_ZA is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-bg_BG is earlier than 0:2.0.4-5.4.26 AND openoffice.org-calc is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-cs_CZ is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-cy_GB is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-mr_IN is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-th_TH is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-pt_BR is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-ru is earlier than 0:2.0.4-5.4.26 AND openoffice.org-math is earlier than 0:2.0.4-5.4.26 AND openoffice.org-impress is earlier than 0:2.0.4-5.4.26 AND openoffice.org-langpack-st_ZA is earlier than 0:2.0.4-5.4.26

Definition Id: oval:org.mitre.oval:def:21720

Oval ID:	oval:org.mitre.oval:def:21720
Title:	ELSA-2008:0175: openoffice.org security update (Important)
Description:	Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
Family:	unix	Class:	patch
Reference(s):	ELSA-2008:0175-01 CVE-2007-5746 CVE-2008-0320 CVE-2007-5745 CVE-2007-5747	Version:	21
Platform(s):	Oracle Linux 5	Product(s):	openoffice.org openoffice.org2
Definition Synopsis:
Oracle Linux 5.x rpm test openoffice.org-langpack-tn_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-xh_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-af_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-tr_TR is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-te_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ss_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-calc is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ml_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-nl is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-nn_NO is earlier than 1:2.0.4-5.4.26 AND openoffice.org-testtools is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-nb_NO is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ta_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-it is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-el_GR is earlier than 1:2.0.4-5.4.26 AND openoffice.org-base is earlier than 1:2.0.4-5.4.26 AND openoffice.org-draw is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-da_DK is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ca_ES is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-es is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-cs_CZ is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-sl_SI is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ar is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-nr_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-kn_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-as_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ts_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ja_JP is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-pt_PT is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-sk_SK is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-cy_GB is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-st_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-zh_TW is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ru is earlier than 1:2.0.4-5.4.26 AND openoffice.org-xsltfilter is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-fi_FI is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-pa_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-he_IL is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ms_MY is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-bn is earlier than 1:2.0.4-5.4.26 AND openoffice.org-graphicfilter is earlier than 1:2.0.4-5.4.26 AND openoffice.org-pyuno is earlier than 1:2.0.4-5.4.26 AND openoffice.org-writer is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-bg_BG is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-fr is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-pt_BR is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-pl_PL is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-hr_HR is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-hi_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-gu_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-zu_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-math is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ur is earlier than 1:2.0.4-5.4.26 AND openoffice.org-impress is earlier than 1:2.0.4-5.4.26 AND openoffice.org-core is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-mr_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-gl_ES is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-et_EE is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ko_KR is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-hu_HU is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-nso_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-sr_CS is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-or_IN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ve_ZA is earlier than 1:2.0.4-5.4.26 AND openoffice.org-emailmerge is earlier than 1:2.0.4-5.4.26 AND openoffice.org-javafilter is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-lt_LT is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-eu_ES is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-zh_CN is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-sv is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-ga_IE is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-de is earlier than 1:2.0.4-5.4.26 AND openoffice.org-langpack-th_TH is earlier than 1:2.0.4-5.4.26

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openoffice cpe:2.3:a:openoffice:openoffice:2.2.1:::::::* cpe:2.3:a:openoffice:openoffice:2.2:::::::* cpe:2.3:a:openoffice:openoffice:2.1:::::::* cpe:2.3:a:openoffice:openoffice:2.0beta:::::::* cpe:2.3:a:openoffice:openoffice:2.0.4:::::::* cpe:2.3:a:openoffice:openoffice:2.0.3_rc6:::::::* cpe:2.3:a:openoffice:openoffice:2.0.3_rc5:::::::* cpe:2.3:a:openoffice:openoffice:2.0.3_rc4:::::::* cpe:2.3:a:openoffice:openoffice:2.0.3_rc3:::::::* cpe:2.3:a:openoffice:openoffice:2.0.3_1:::::::* cpe:2.3:a:openoffice:openoffice:2.0.3:::::::* cpe:2.3:a:openoffice:openoffice:2.0.2_rc4:::::::* cpe:2.3:a:openoffice:openoffice:2.0.2_rc3:::::::* cpe:2.3:a:openoffice:openoffice:2.0.2_rc2:::::::* cpe:2.3:a:openoffice:openoffice:2.0.2_rc1:::::::* cpe:2.3:a:openoffice:openoffice:2.0.2:::::::* cpe:2.3:a:openoffice:openoffice:2.0.1:::::::* cpe:2.3:a:openoffice:openoffice:2.0.0_rc3:::::::* cpe:2.3:a:openoffice:openoffice:2.0.0_rc2:::::::* cpe:2.3:a:openoffice:openoffice:2.0.0_rc1:::::::* cpe:2.3:a:openoffice:openoffice:2.0.0:::::::* cpe:2.3:a:openoffice:openoffice:2.0:::::::* cpe:2.3:a:openoffice:openoffice:1.1.5:::::::* cpe:2.3:a:openoffice:openoffice:1.1.4:::::::* cpe:2.3:a:openoffice:openoffice:1.1.3:::::::* cpe:2.3:a:openoffice:openoffice:1.1.2:::::::* cpe:2.3:a:openoffice:openoffice:1.1.1b:::::::* cpe:2.3:a:openoffice:openoffice:1.1.1a:::::::* cpe:2.3:a:openoffice:openoffice:1.1.1:::::::* cpe:2.3:a:openoffice:openoffice:1.1.0:::::::* cpe:2.3:a:openoffice:openoffice:1.1:::::::* cpe:2.3:a:openoffice:openoffice:1.0.2:::::::* cpe:2.3:a:openoffice:openoffice:1.0.1:::::::* cpe:2.3:a:openoffice:openoffice::::::::	34
Application	Sun Openoffice.Org cpe:2.3:a:sun:openoffice.org:2.3.0:::::::* cpe:2.3:a:sun:openoffice.org:2.2.1:::::::* cpe:2.3:a:sun:openoffice.org:2.2.0:::::::* cpe:2.3:a:sun:openoffice.org:2.1.0:::::::* cpe:2.3:a:sun:openoffice.org:2.0.4:::::::* cpe:2.3:a:sun:openoffice.org:2.0.3:::::::* cpe:2.3:a:sun:openoffice.org:2.0.0:::::::* cpe:2.3:a:sun:openoffice.org:1.1.0:::::::* cpe:2.3:a:sun:openoffice.org:::::::: cpe:2.3:a:sun:openoffice.org:-:::::::*	10

OpenVAS Exploits

Date	Description
2009-04-09	Name : Mandriva Update for openoffice.org MDVSA-2008:095 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2008_095.nasl
2009-03-23	Name : Ubuntu Update for hsqldb, openoffice.org/-amd64 vulnerabilities USN-609-1 File : nvt/gb_ubuntu_USN_609_1.nasl
2009-03-06	Name : RedHat Update for openoffice.org RHSA-2008:0175-01 File : nvt/gb_RHSA-2008_0175-01_openoffice.org.nasl
2009-02-27	Name : CentOS Update for openoffice.org2-base CESA-2008:0175 centos4 i386 File : nvt/gb_CESA-2008_0175_openoffice.org2-base_centos4_i386.nasl
2009-02-27	Name : CentOS Update for openoffice.org2-base CESA-2008:0175 centos4 x86_64 File : nvt/gb_CESA-2008_0175_openoffice.org2-base_centos4_x86_64.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-3251 File : nvt/gb_fedora_2008_3251_openoffice.org_fc8.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-4104 File : nvt/gb_fedora_2008_4104_openoffice.org_fc7.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-5239 File : nvt/gb_fedora_2008_5239_openoffice.org_fc7.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-5247 File : nvt/gb_fedora_2008_5247_openoffice.org_fc8.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-7531 File : nvt/gb_fedora_2008_7531_openoffice.org_fc8.nasl
2009-02-17	Name : Fedora Update for openoffice.org FEDORA-2008-9333 File : nvt/gb_fedora_2008_9333_openoffice.org_fc8.nasl
2009-01-23	Name : SuSE Update for OpenOffice_org SUSE-SA:2008:023 File : nvt/gb_suse_2008_023.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200805-16 (openoffice openoffice-bin) File : nvt/glsa_200805_16.nasl
2008-04-21	Name : Debian Security Advisory DSA 1547-1 (openoffice.org) File : nvt/deb_1547_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
44471	OpenOffice.org (OOo) Quattro Pro (QPRO) File Crafted Value Processing Overflow
44469	OpenOffice.org (OOo) Quattro Pro (QPRO) File Multiple Record Handling Overflow

Nessus® Vulnerability Scanner

Date	Description
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080417_openoffice_org2_on_SL4_5_and_4_6.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20080417_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-095.nasl - Type : ACT_GATHER_INFO
2008-05-20	Name : The remote Fedora host is missing a security update. File : fedora_2008-4104.nasl - Type : ACT_GATHER_INFO
2008-05-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200805-16.nasl - Type : ACT_GATHER_INFO
2008-05-09	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-609-1.nasl - Type : ACT_GATHER_INFO
2008-04-25	Name : The remote Fedora host is missing a security update. File : fedora_2008-3251.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2008-0175.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0175.nasl - Type : ACT_GATHER_INFO
2008-04-22	Name : The remote openSUSE host is missing a security update. File : suse_OpenOffice_org-5053.nasl - Type : ACT_GATHER_INFO
2008-04-18	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1547.nasl - Type : ACT_GATHER_INFO
2008-04-17	Name : The remote Windows host has a program that is affected by multiple vulnerabil... File : openoffice_240.nasl - Type : ACT_GATHER_INFO

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	3
CPE ID(s)	44
osvdb(s)	2
Openvas Exploit(s)	14
Nessus® Exploit(s)	12

	Related
6.8	CVE-2007-5747
6.8	CVE-2007-5745
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)