ID CVE-2007-5745
Summary Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice:2.3.1
    cpe:2.3:a:openoffice:openoffice:2.3.1
CVSS
Base: 6.8 (as of 17-04-2008 - 15:16)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
metasploit via4
description This module exploits a vulnerability in OpenOffice 2.3.1 and 2.3.0 on Microsoft Windows XP SP3. By supplying a OLE file with a malformed DocumentSummaryInformation stream, an attacker can gain control of the execution flow, which results arbitrary code execution under the context of the user.
id MSF:EXPLOIT/WINDOWS/FILEFORMAT/OPENOFFICE_OLE
last seen 2019-02-16
modified 2017-07-24
published 2012-05-23
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/openoffice_ole.rb
title OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080417_OPENOFFICE_ORG2_ON_SL4_5_AND_4_6.NASL
    description Multiple heap overflows and an integer underflow were found in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-5745, CVE-2007-5747) A heap overflow flaw was found in the EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the malicious EMF image was added to a document or if a document containing the malicious EMF file was opened by a victim. (CVE-2007-5746) A heap overflow flaw was found in the OLE Structured Storage file parser. (OLE Structured Storage is a format used by Microsoft Office documents.) An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2008-0320)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60388
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60388
    title Scientific Linux Security Update : openoffice.org2 on SL4.5 and 4.6 i386/x86_64
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200805-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200805-16 (OpenOffice.org: Multiple vulnerabilities) iDefense Labs reported multiple vulnerabilities in OpenOffice.org: multiple heap-based buffer overflows when parsing the 'Attribute' and 'Font' Description records of Quattro Pro (QPRO) files (CVE-2007-5745), an integer overflow when parsing the EMR_STRETCHBLT record of an EMF file, resulting in a heap-based buffer overflow (CVE-2007-5746), an integer underflow when parsing Quattro Pro (QPRO) files, resulting in an excessive loop and a stack-based buffer overflow (CVE-2007-5747), and a heap-based buffer overflow when parsing the 'DocumentSummaryInformation' stream in an OLE file (CVE-2008-0320). Furthermore, Will Drewry (Google Security) reported vulnerabilities in the memory management of the International Components for Unicode (CVE-2007-4770, CVE-2007-4771), which was resolved with GLSA 200803-20. However, the binary version of OpenOffice.org uses an internal copy of said library. Impact : A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running OpenOffice.org. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 32353
    published 2008-05-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32353
    title GLSA-200805-16 : OpenOffice.org: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2008-095.NASL
    description A vulnerability in HSQLDB before 1.8.0.9 in OpenOffice.org could allow user-assisted remote attackers to execute arbitrary Java code via crafted database documents (CVE-2007-4575). A heap overflow was discovered in OpenOffice.org's EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or potentially execute arbitrary code if the malicious EMF image was added to a document or if a document containing such an EMF file was opened (CVE-2007-5746). Multiple heap overflows and an integer underflow were discovered in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org ro crash or potentially execute arbitrary code (CVE-2007-5745, CVE-2007-5747). A heap overflow was discovered in the OLE Structured Storage file parser, a format used by Microsoft Office documents. An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or potentially execute arbitrary code (CVE-2008-0320). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37969
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37969
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2008:095)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20080417_OPENOFFICE_ORG_ON_SL5_X.NASL
    description Multiple heap overflows and an integer underflow were found in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-5745, CVE-2007-5747) A heap overflow flaw was found in the EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the malicious EMF image was added to a document or if a document containing the malicious EMF file was opened by a victim. (CVE-2007-5746) A heap overflow flaw was found in the OLE Structured Storage file parser. (OLE Structured Storage is a format used by Microsoft Office documents.) An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2008-0320)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60390
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60390
    title Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
  • NASL family Windows
    NASL id OPENOFFICE_240.NASL
    description The version of Sun Microsystems OpenOffice.org installed on the remote host is affected by several issues : - Heap overflow and arbitrary code execution vulnerabilities involving ODF text documents with XForms (CVE-2007-4770/4771). - Heap overflow and arbitrary code execution vulnerabilities involving Quattro Pro files (CVE-2007-5745/5747). - Heap overflow and arbitrary code execution vulnerabilities involving EMF files (CVE-2007-5746). - Heap overflow and arbitrary code execution vulnerabilities involving OLE files (CVE-2008-0320).
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 31968
    published 2008-04-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31968
    title Sun OpenOffice.org < 2.4 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPENOFFICE_ORG-5053.NASL
    description This update of OpenOffice fixes various critical security vulnerabilities - heap-overflow when parsing PPT files (CVE-2008-0320) - various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747) - out-of-bound memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770,CVE-2007-4771)
    last seen 2019-02-21
    modified 2018-01-11
    plugin id 32023
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32023
    title openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-5053)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-609-1.NASL
    description It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. (CVE-2007-4575) Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 32189
    published 2008-05-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32189
    title Ubuntu 6.06 LTS / 7.04 / 7.10 : hsqldb, openoffice.org/-amd64 vulnerabilities (USN-609-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-4104.NASL
    description Following security issues were addressed in this update: # CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution # CVE-2007-5746: Manipulated EMF files can lead to heap overflows and arbitrary code execution # CVE-2008-0320: Manipulated OLE files can lead to heap overflows and arbitrary code execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-11
    plugin id 32385
    published 2008-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32385
    title Fedora 7 : openoffice.org-2.3.0-6.8.fc7 (2008-4104)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2008-0175.NASL
    description Updated openoffice.org 2.x packages to correct multiple security issues are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Multiple heap overflows and an integer underflow were found in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-5745, CVE-2007-5747) A heap overflow flaw was found in the EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the malicious EMF image was added to a document or if a document containing the malicious EMF file was opened by a victim. (CVE-2007-5746) A heap overflow flaw was found in the OLE Structured Storage file parser. (OLE Structured Storage is a format used by Microsoft Office documents.) An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2008-0320) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 32018
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32018
    title RHEL 4 / 5 : openoffice.org (RHSA-2008:0175)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2008-0175.NASL
    description Updated openoffice.org 2.x packages to correct multiple security issues are now available for Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Multiple heap overflows and an integer underflow were found in the Quattro Pro(R) import filter. An attacker could create a carefully crafted Quattro Pro file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-5745, CVE-2007-5747) A heap overflow flaw was found in the EMF parser. An attacker could create a carefully crafted EMF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the malicious EMF image was added to a document or if a document containing the malicious EMF file was opened by a victim. (CVE-2007-5746) A heap overflow flaw was found in the OLE Structured Storage file parser. (OLE Structured Storage is a format used by Microsoft Office documents.) An attacker could create a carefully crafted OLE file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2008-0320) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes to correct these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31996
    published 2008-04-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31996
    title CentOS 4 / 5 : openoffice.org / openoffice.org2 (CESA-2008:0175)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2008-3251.NASL
    description Following security issues were addressed in this update: # CVE-2007-5745/5747: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution # CVE-2007-5746: Manipulated EMF files can lead to heap overflows and arbitrary code execution # CVE-2008-0320: Manipulated OLE files can lead to heap overflows and arbitrary code execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-01-11
    plugin id 32042
    published 2008-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=32042
    title Fedora 8 : openoffice.org-2.3.0-6.14.fc8 (2008-3251)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1547.NASL
    description Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-5745, CVE-2007-5747 Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to a overflow in the heap potentially leading to the execution of arbitrary code. - CVE-2007-5746 Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code. - CVE-2008-0320 A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap potentially leading to the execution of arbitrary code. Recently reported problems in the ICU library are fixed in separate libicu packages with DSA 1511 against which OpenOffice.org is linked.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 31969
    published 2008-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31969
    title Debian DSA-1547-1 : openoffice.org - several vulnerabilities
oval via4
accepted 2013-04-29T04:10:39.735-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
family unix
id oval:org.mitre.oval:def:11006
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.
version 24
redhat via4
advisories
rhsa
id RHSA-2008:0175
rpms
  • openoffice.org2-base-1:2.0.4-5.7.0.4.0
  • openoffice.org2-calc-1:2.0.4-5.7.0.4.0
  • openoffice.org2-core-1:2.0.4-5.7.0.4.0
  • openoffice.org2-draw-1:2.0.4-5.7.0.4.0
  • openoffice.org2-emailmerge-1:2.0.4-5.7.0.4.0
  • openoffice.org2-graphicfilter-1:2.0.4-5.7.0.4.0
  • openoffice.org2-impress-1:2.0.4-5.7.0.4.0
  • openoffice.org2-javafilter-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-af_ZA-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ar-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-bg_BG-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-bn-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ca_ES-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-cs_CZ-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-cy_GB-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-da_DK-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-de-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-el_GR-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-es-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-et_EE-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-eu_ES-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-fi_FI-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-fr-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ga_IE-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-gl_ES-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-gu_IN-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-he_IL-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-hi_IN-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-hr_HR-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-hu_HU-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-it-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ja_JP-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ko_KR-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-lt_LT-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ms_MY-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-nb_NO-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-nl-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-nn_NO-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-pa_IN-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-pl_PL-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-pt_BR-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-pt_PT-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ru-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-sk_SK-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-sl_SI-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-sr_CS-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-sv-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-ta_IN-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-th_TH-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-tr_TR-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-zh_CN-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-zh_TW-1:2.0.4-5.7.0.4.0
  • openoffice.org2-langpack-zu_ZA-1:2.0.4-5.7.0.4.0
  • openoffice.org2-math-1:2.0.4-5.7.0.4.0
  • openoffice.org2-pyuno-1:2.0.4-5.7.0.4.0
  • openoffice.org2-testtools-1:2.0.4-5.7.0.4.0
  • openoffice.org2-writer-1:2.0.4-5.7.0.4.0
  • openoffice.org2-xsltfilter-1:2.0.4-5.7.0.4.0
  • openoffice.org-base-1:2.0.4-5.4.26
  • openoffice.org-calc-1:2.0.4-5.4.26
  • openoffice.org-core-1:2.0.4-5.4.26
  • openoffice.org-draw-1:2.0.4-5.4.26
  • openoffice.org-emailmerge-1:2.0.4-5.4.26
  • openoffice.org-graphicfilter-1:2.0.4-5.4.26
  • openoffice.org-impress-1:2.0.4-5.4.26
  • openoffice.org-javafilter-1:2.0.4-5.4.26
  • openoffice.org-langpack-af_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-ar-1:2.0.4-5.4.26
  • openoffice.org-langpack-as_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-bg_BG-1:2.0.4-5.4.26
  • openoffice.org-langpack-bn-1:2.0.4-5.4.26
  • openoffice.org-langpack-ca_ES-1:2.0.4-5.4.26
  • openoffice.org-langpack-cs_CZ-1:2.0.4-5.4.26
  • openoffice.org-langpack-cy_GB-1:2.0.4-5.4.26
  • openoffice.org-langpack-da_DK-1:2.0.4-5.4.26
  • openoffice.org-langpack-de-1:2.0.4-5.4.26
  • openoffice.org-langpack-el_GR-1:2.0.4-5.4.26
  • openoffice.org-langpack-es-1:2.0.4-5.4.26
  • openoffice.org-langpack-et_EE-1:2.0.4-5.4.26
  • openoffice.org-langpack-eu_ES-1:2.0.4-5.4.26
  • openoffice.org-langpack-fi_FI-1:2.0.4-5.4.26
  • openoffice.org-langpack-fr-1:2.0.4-5.4.26
  • openoffice.org-langpack-ga_IE-1:2.0.4-5.4.26
  • openoffice.org-langpack-gl_ES-1:2.0.4-5.4.26
  • openoffice.org-langpack-gu_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-he_IL-1:2.0.4-5.4.26
  • openoffice.org-langpack-hi_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-hr_HR-1:2.0.4-5.4.26
  • openoffice.org-langpack-hu_HU-1:2.0.4-5.4.26
  • openoffice.org-langpack-it-1:2.0.4-5.4.26
  • openoffice.org-langpack-ja_JP-1:2.0.4-5.4.26
  • openoffice.org-langpack-kn_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-ko_KR-1:2.0.4-5.4.26
  • openoffice.org-langpack-lt_LT-1:2.0.4-5.4.26
  • openoffice.org-langpack-ml_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-mr_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-ms_MY-1:2.0.4-5.4.26
  • openoffice.org-langpack-nb_NO-1:2.0.4-5.4.26
  • openoffice.org-langpack-nl-1:2.0.4-5.4.26
  • openoffice.org-langpack-nn_NO-1:2.0.4-5.4.26
  • openoffice.org-langpack-nr_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-nso_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-or_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-pa_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-pl_PL-1:2.0.4-5.4.26
  • openoffice.org-langpack-pt_BR-1:2.0.4-5.4.26
  • openoffice.org-langpack-pt_PT-1:2.0.4-5.4.26
  • openoffice.org-langpack-ru-1:2.0.4-5.4.26
  • openoffice.org-langpack-sk_SK-1:2.0.4-5.4.26
  • openoffice.org-langpack-sl_SI-1:2.0.4-5.4.26
  • openoffice.org-langpack-sr_CS-1:2.0.4-5.4.26
  • openoffice.org-langpack-ss_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-st_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-sv-1:2.0.4-5.4.26
  • openoffice.org-langpack-ta_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-te_IN-1:2.0.4-5.4.26
  • openoffice.org-langpack-th_TH-1:2.0.4-5.4.26
  • openoffice.org-langpack-tn_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-tr_TR-1:2.0.4-5.4.26
  • openoffice.org-langpack-ts_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-ur-1:2.0.4-5.4.26
  • openoffice.org-langpack-ve_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-xh_ZA-1:2.0.4-5.4.26
  • openoffice.org-langpack-zh_CN-1:2.0.4-5.4.26
  • openoffice.org-langpack-zh_TW-1:2.0.4-5.4.26
  • openoffice.org-langpack-zu_ZA-1:2.0.4-5.4.26
  • openoffice.org-math-1:2.0.4-5.4.26
  • openoffice.org-pyuno-1:2.0.4-5.4.26
  • openoffice.org-testtools-1:2.0.4-5.4.26
  • openoffice.org-writer-1:2.0.4-5.4.26
  • openoffice.org-xsltfilter-1:2.0.4-5.4.26
refmap via4
bid 28819
confirm
debian DSA-1547
fedora FEDORA-2008-3251
gentoo GLSA-200805-16
idefense 20080417 Multiple Vendor OpenOffice QPRO Multiple Heap Overflow Vulnerabilities
mandriva MDVSA-2008:095
misc https://bugzilla.redhat.com/show_bug.cgi?id=435678
sectrack 1019891
secunia
  • 29852
  • 29864
  • 29871
  • 29910
  • 29913
  • 29987
  • 30100
  • 30179
sunalert 231601
suse SUSE-SA:2008:023
ubuntu USN-609-1
vupen
  • ADV-2008-1253
  • ADV-2008-1375
xf openoffice-quattropro-bo(41863)
saint via4
bid 28819
description OpenOffice OLE importer DocumentSummaryInformation buffer overflow
id misc_openoffice
osvdb 44472
title openoffice_ole_importer
type client
Last major update 17-10-2011 - 00:00
Published 17-04-2008 - 15:05
Last modified 28-09-2017 - 21:29
Back to Top