ID CVE-2005-2964
Summary Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism.
References
Vulnerable Configurations
  • cpe:2.3:a:abisource:community_abiword:2.2.9
    cpe:2.3:a:abisource:community_abiword:2.2.9
CVSS
Base: 7.5 (as of 29-09-2005 - 09:57)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200509-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200509-20 (AbiWord: RTF import stack-based buffer overflow) Chris Evans discovered that the RTF import function in AbiWord is vulnerable to a stack-based buffer overflow. Impact : An attacker could design a malicious RTF file and entice the user to import it in AbiWord, potentially resulting in the execution of arbitrary code with the rights of the user running AbiWord. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 19819
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19819
    title GLSA-200509-20 : AbiWord: RTF import stack-based buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-188-1.NASL
    description Chris Evans discovered a buffer overflow in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20600
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20600
    title Ubuntu 4.10 / 5.04 : abiword vulnerability (USN-188-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-894.NASL
    description Chris Evans discovered several buffer overflows in the RTF import mechanism of AbiWord, a WYSIWYG word processor based on GTK 2. Opening a specially crafted RTF file could lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 22760
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22760
    title Debian DSA-894-1 : abiword - buffer overflows
refmap via4
bid 14971
confirm http://www.abiword.org/release-notes/2.2.10.phtml
debian DSA-894
gentoo
  • GLSA-200509-20
  • GLSA-200510-04
osvdb 19717
sectrack 1014982
secunia
  • 16982
  • 16990
  • 17012
  • 17052
  • 17070
  • 17215
  • 17551
suse SUSE-SR:2005:023
ubuntu USN-188-1
xf abiword-rtf-importer-bo(22454)
Last major update 05-09-2008 - 16:53
Published 28-09-2005 - 17:03
Last modified 10-07-2017 - 21:33
Back to Top