Headline
CVE-2010-3454: Secunia Research
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
The Secunia Research team from Flexera is comprised of a number of security specialists who—in addition to testing, verifying, and validating public vulnerability reports—conduct their own vulnerability research in various products. Since the founding of the Secunia Research team in 2002, it has been our goal to be provide the most accurate and reliable source of vulnerability intelligence.
Delivering the world’s best vulnerability intelligence requires skill and passion. The members of our team continually develop their skills exploring various high-profile closed and open source software using a variety of approaches, focusing chiefly on thorough code audits and binary analysis. In 2019 a member of our team was recognized by Microsoft’s Most Valuable Security Researchers list.
This enables Secunia researchers to discover hard-to-find vulnerabilities that are not normally identified via techniques such as fuzzing, and the approach has been effective. Members of the Secunia Research team have discovered critical vulnerabilities in products from vendors including Microsoft, Symantec, IBM, Adobe, RealNetworks, Trend Micro, HP, Blue Coat, Samba, CA, Mozilla, and Apple.
The team produces invaluable security advisories based upon the research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats; but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patch efforts. In these advisories, criticality scores are consistently applied along with details around attack vector and other valuable details. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters.
Related links
Software Vulnerability Research
Software Vulnerability Research - Secunia Data
Software Vulnerability Manager
Security advisories from Secunia Research
Anatomy of a security advisory
Vulnerability Disclosure Policy
Support
Informing IT, Transforming IT
Industry insights to help keep you informed