ID CVE-2010-2935
Summary simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice.org:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice.org:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-08-15T04:00:04.921-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Dragos Prisaca
    organization Symantec Corporation
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Jonathan Baker
    organization The MITRE Corporation
definition_extensions
comment OpenOffice.org is installed
oval oval:org.mitre.oval:def:12053
description simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
family windows
id oval:org.mitre.oval:def:12063
status accepted
submitted 2010-09-08T12:12:46
title Integer truncation error in OpenOffice.org version 3.2.1
version 10
redhat via4
advisories
rhsa
id RHSA-2010:0643
rpms
  • openoffice.org-0:1.1.2-48.2.0.EL3
  • openoffice.org-i18n-0:1.1.2-48.2.0.EL3
  • openoffice.org-libs-0:1.1.2-48.2.0.EL3
  • openoffice.org2-base-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-calc-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-core-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-draw-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-emailmerge-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-graphicfilter-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-impress-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-javafilter-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-af_ZA-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ar-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-bg_BG-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-bn-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ca_ES-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-cs_CZ-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-cy_GB-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-da_DK-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-de-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-el_GR-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-es-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-et_EE-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-eu_ES-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-fi_FI-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-fr-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ga_IE-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-gl_ES-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-gu_IN-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-he_IL-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-hi_IN-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-hr_HR-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-hu_HU-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-it-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ja_JP-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ko_KR-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-lt_LT-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ms_MY-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-nb_NO-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-nl-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-nn_NO-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-pa_IN-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-pl_PL-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-pt_BR-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-pt_PT-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ru-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-sk_SK-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-sl_SI-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-sr_CS-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-sv-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-ta_IN-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-th_TH-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-tr_TR-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-zh_CN-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-zh_TW-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-langpack-zu_ZA-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-math-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-pyuno-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-testtools-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-writer-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org2-xsltfilter-1:2.0.4-5.7.0.6.1.el4_8.6
  • openoffice.org-0:1.1.5-10.6.0.7.EL4.5
  • openoffice.org-i18n-0:1.1.5-10.6.0.7.EL4.5
  • openoffice.org-kde-0:1.1.5-10.6.0.7.EL4.5
  • openoffice.org-libs-0:1.1.5-10.6.0.7.EL4.5
refmap via4
confirm
debian DSA-2099
gentoo GLSA-201408-19
mandriva MDVSA-2010:221
misc http://securityevaluators.com/files/papers/CrashAnalysis.pdf
mlist
  • [dev] 20100806 Two exploitable OpenOffice.org bugs!
  • [oss-security] 20100811 CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
  • [oss-security] 20100811 Re: CVE Request -- OpenOffice.org [two ids]: 1, integer truncation error 2, short integer overflow
sectrack
  • 1024352
  • 1024976
secunia
  • 40775
  • 41052
  • 41235
  • 42927
  • 43105
  • 60799
suse
  • SUSE-SR:2010:019
  • SUSE-SR:2010:024
ubuntu USN-1056-1
vupen
  • ADV-2010-2003
  • ADV-2010-2149
  • ADV-2010-2228
  • ADV-2010-2905
  • ADV-2011-0150
  • ADV-2011-0230
  • ADV-2011-0279
Last major update 19-09-2017 - 01:31
Published 25-08-2010 - 20:00
Back to Top