ID CVE-2005-2971
Summary Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
References
Vulnerable Configurations
  • KDE KOffice 1.2
    cpe:2.3:a:kde:koffice:1.2
  • KDE KOffice 1.2.1
    cpe:2.3:a:kde:koffice:1.2.1
  • KDE KOffice 1.3
    cpe:2.3:a:kde:koffice:1.3
  • KDE KOffice 1.3.1
    cpe:2.3:a:kde:koffice:1.3.1
  • KDE KOffice 1.3.2
    cpe:2.3:a:kde:koffice:1.3.2
  • KDE KOffice 1.3.3
    cpe:2.3:a:kde:koffice:1.3.3
  • KDE KOffice 1.3.4
    cpe:2.3:a:kde:koffice:1.3.4
  • KDE KOffice 1.3.5
    cpe:2.3:a:kde:koffice:1.3.5
  • cpe:2.3:a:kde:koffice:1.3_beta1
    cpe:2.3:a:kde:koffice:1.3_beta1
  • cpe:2.3:a:kde:koffice:1.3_beta2
    cpe:2.3:a:kde:koffice:1.3_beta2
  • cpe:2.3:a:kde:koffice:1.3_beta3
    cpe:2.3:a:kde:koffice:1.3_beta3
  • KDE KOffice 1.4
    cpe:2.3:a:kde:koffice:1.4
  • KDE KOffice 1.4.1
    cpe:2.3:a:kde:koffice:1.4.1
CVSS
Base: 7.5 (as of 20-10-2005 - 09:05)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-872.NASL
    description Chris Evans discovered a buffer overflow in the RTF importer of kword, a word processor for the KDE Office Suite that can lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22738
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22738
    title Debian DSA-872-1 : koffice - buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-202-1.NASL
    description Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 20618
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20618
    title Ubuntu 5.04 : koffice vulnerability (USN-202-1)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2005-310-02.NASL
    description New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 20150
    published 2005-11-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20150
    title Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : KOffice/KWord (SSA:2005-310-02)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200510-12.NASL
    description The remote host is affected by the vulnerability described in GLSA-200510-12 (KOffice, KWord: RTF import buffer overflow) Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact : An attacker could entice a user to open a specially crafted RTF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-19
    plugin id 20032
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20032
    title GLSA-200510-12 : KOffice, KWord: RTF import buffer overflow
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-984.NASL
    description - Tue Oct 11 2005 Than Ngo 4:1.4.2-0.FC3.2 - remove security fix which is included in new 1.4.2 upstream - Thu Sep 29 2005 Than Ngo 4:1.4.2-0.FC3.1 - update to 1.4.2 - apply upstream patch to fix CVE-2005-2971 kword buffer overflow #169486 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20021
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20021
    title Fedora Core 3 : koffice-1.4.2-0.FC3.2 (2005-984)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-185.NASL
    description Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code. The updated packages are patched to deal with these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20431
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20431
    title Mandrake Linux Security Advisory : koffice (MDKSA-2005:185)
refmap via4
bid 15060
confirm http://www.kde.org/info/security/advisory-20051011-1.txt
debian DSA-872
fedora FEDORA-2005-984
gentoo GLSA-200510-12
misc http://scary.beasts.org/security/CESA-2005-005.txt
sectrack 1015035
secunia
  • 17145
  • 17171
  • 17190
  • 17212
  • 17332
  • 17480
  • 17486
slackware SSA:2005-310-02
suse SUSE-SR:2005:025
ubuntu USN-202-1
xf koffice-kword-rtf-importer-bo(22562)
Last major update 10-09-2008 - 15:44
Published 20-10-2005 - 06:02
Last modified 03-10-2018 - 17:31