Lucene search

[email protected]CVE-2012-2665

HistoryAug 06, 2012 - 6:55 p.m.

CVE-2012-2665

2012-08-0618:55:01

CWE-787

[email protected]

web.nvd.nist.gov

cve-2012-2665

xml

manifest

encryption

buffer overflow

openoffice

libreoffice

denial of service

arbitrary code

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.079 Low

EPSS

Percentile

94.3%

JSON

Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.

Affected configurations

NVD

Node

apacheopenofficeRange<3.4.1

libreofficelibreofficeRange<3.5.5

Node

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch11.04

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_for_ibm_z_systemsMatch6.0

redhatenterprise_linux_for_power_big_endianMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_from_rhui_6Match6.0

redhatenterprise_linux_workstationMatch6.0

CPENameOperatorVersion
apache:openofficeapache openofficelt3.4.1
libreoffice:libreofficelibreofficelt3.5.5

CPE	Name	Operator	Version
apache:openoffice	apache openoffice	lt	3.4.1
libreoffice:libreoffice	libreoffice	lt	3.5.5

References

rhn.redhat.com/errata/RHSA-2012-1135.html

secunia.com/advisories/50142

secunia.com/advisories/50146

secunia.com/advisories/50692

secunia.com/advisories/60799

security.gentoo.org/glsa/glsa-201209-05.xml

www.debian.org/security/2012/dsa-2520

www.gentoo.org/security/en/glsa/glsa-201408-19.xml

www.libreoffice.org/about-us/security/advisories/cve-2012-2665/

www.pre-cert.de/advisories/PRE-SA-2012-05.txt

www.securityfocus.com/bid/54769

www.securitytracker.com/id?1027331

www.securitytracker.com/id?1027332

www.ubuntu.com/usn/USN-1536-1

www.ubuntu.com/usn/USN-1537-1

bugzilla.redhat.com/show_bug.cgi?id=826077

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

High

0.079 Low

EPSS

Percentile

94.3%

JSON

Related for CVE-2012-2665

nessus18 openvas24 ubuntu2 debiancve1 securityvulns4 prion1 redhat2 debian1 nvd1 centos2 ubuntucve1 oraclelinux1 cvelist1 fedora1 gentoo2