CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability
Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via invalid PLCF data in a DOC document file.
Bugtraq mailing list archives
CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability
From: Herbert Duerr <hdu () apache org>
Date: Fri, 26 Jul 2013 07:56:20 +0200
CVE-2013-2189 OpenOffice DOC Memory Corruption Vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache OpenOffice 3.4.0 to 3.4.1 on all platforms. Predecessor versions of OpenOffice.org may also be affected.
Description:
The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified.
Mitigation:
Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
Credits:
The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw.
Herbert Dürr
Member of the Apache OpenOffice Security Team
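The advisory does not say which part of the PLCF data was invalid, so the following is an added example (not code from the advisory or from Apache OpenOffice) of the structural checks a DOC parser can apply to any PLC before using it. It assumes the PLC layout from the public Word binary format documentation ((n+1) 4-byte character positions followed by n fixed-size elements); the names `plc_validate`, `plc_status` and `max_cp` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Status codes: hypothetical names used only in this example. */
enum plc_status { PLC_OK, PLC_BAD_SIZE, PLC_OUT_OF_BOUNDS, PLC_BAD_CP };

/* Constructed sample: n = 2 elements of 2 bytes, CPs 0, 5, 9 (16 bytes). */
const uint8_t sample_plc[16] = {
    0,0,0,0, 5,0,0,0, 9,0,0,0, 0x11,0x11, 0x22,0x22 };

/* Read a little-endian 32-bit value without assuming alignment. */
static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate one PLC before any element is dereferenced.
 * fc, lcb  : offset and byte length of the PLC, read from the untrusted file
 * cb_data  : fixed size of one data element for this PLC type
 * max_cp   : caller-supplied upper bound for CPs (assumption of this example)
 * On success *n_out receives the element count n. */
enum plc_status plc_validate(const uint8_t *stream, size_t stream_len,
                             uint32_t fc, uint32_t lcb, uint32_t cb_data,
                             uint32_t max_cp, uint32_t *n_out)
{
    /* [fc, fc+lcb) must lie inside the stream; written so it cannot wrap. */
    if (fc > stream_len || lcb > stream_len - fc)
        return PLC_OUT_OF_BOUNDS;

    /* Layout is (n+1) 4-byte CPs then n elements: lcb == 4 + n*(4+cb_data). */
    uint64_t stride = 4 + (uint64_t)cb_data;
    if (lcb < 4 || (lcb - 4) % stride != 0)
        return PLC_BAD_SIZE;
    uint32_t n = (uint32_t)((lcb - 4) / stride);

    /* CPs must be non-decreasing and must not exceed max_cp. */
    uint32_t prev = 0;
    for (uint32_t i = 0; i <= n; i++) {
        uint32_t cp = rd_le32(stream + fc + 4 * (size_t)i);
        if (cp < prev || cp > max_cp)
            return PLC_BAD_CP;
        prev = cp;
    }
    *n_out = n;
    return PLC_OK;
}
```

A parser that rejects the document on any non-`PLC_OK` result never indexes past the declared PLC, whatever offsets and lengths the file header claims.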