Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23250
HistoryFeb 17, 2010 - 12:00 a.m.

VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities

2010-02-1700:00:00
vulners.com
36

0.548 Medium

EPSS

Percentile

97.7%

JSON

VUPEN Security Research - OpenOffice.org Word Document Handling Heap
Overflow Vulnerabilities

http://www.vupen.com/english/research.php

I. BACKGROUND

OpenOffice.org (OO.o or OOo), commonly known as OpenOffice, is an
open source software application suite available for a number of
different computer operating systems. It is distributed as free
software and written using its own GUI toolkit. It supports the
ISO/IEC standard OpenDocument Format (ODF) for data interchange
as its default file format, as well as Microsoft Office formats
among others. (Wikipedia)

II. DESCRIPTION

VUPEN Vulnerability Research Team discovered critical vulnerabilities
affecting OpenOffice.org.

The first vulnerability is caused by a heap overflow error when
processing malformed "sprmTDefTable" records in a Word document,
which could be exploited by attackers to execute arbitrary code.

The second vulnerability is caused by a heap overflow error when
processing malformed "sprmTSetBrc" records in a Word document,
which could be exploited by attackers to compromise a vulnerable
system.

III. AFFECTED PRODUCTS

OpenOffice.org versions prior to 3.2

IV. Exploits - PoCs & Binary Analysis

In-depth binary analysis of the vulnerabilities and exploits/PoCs
have been released by VUPEN Security through the VUPEN Exploits &
PoCs Service :

http://www.vupen.com/exploits

V. SOLUTION

Upgrade to OpenOffice.org version 3.2

VI. CREDIT

The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security

VII. ABOUT VUPEN Security

VUPEN is a leading IT security research company providing vulnerability
management services to allow enterprises and organizations to eliminate
vulnerabilities before they can be exploited, ensure security policy
compliance and meaningfully measure and manage risks.

VUPEN also provides research services for security vendors (antivirus,
IDS, IPS,etc) to supplement their internal vulnerability research efforts
and quickly develop vulnerability-based and exploit-based signatures,
rules, and filters, and proactively protect their customers against
potential threats.

  • VUPEN Vulnerability Notification Service:

http://www.vupen.com/english/services

  • VUPEN Exploits and In-Depth Vulnerability Analysis:

http://www.vupen.com/exploits

VIII. REFERENCES

http://www.vupen.com/english/advisories/2010/0366
http://www.openoffice.org/security/cves/CVE-2009-3301-3302.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3302

IX. DISCLOSURE TIMELINE

2009-11-03 - Vendor notified
2009-11-05 - Vendor response
2009-11-10 - Status update received
2009-12-21 - Status update received
2010-02-02 - Status update received
2010-02-12 - Coordinated public Disclosure

Related

checkpoint_advisories 1
securityvulns 3
nessus 22
openvas 26
centos 1
fedora 4
oraclelinux 1
redhat 1
cvelist 2
veracode 2
prion 2
nvd 2
ubuntucve 2
cve 2
suse 1
debian 4
osv 1
ubuntu 1
freebsd 1
threatpost 1
gentoo 1
oracle 1
checkpoint_advisories
checkpoint_advisories
OpenOffice.org Microsoft Word File Processing Integer Underflow (CVE-2009-3301; CVE-2009-3302)
2010-06-03 00:00:00
securityvulns
securityvulns
OpenOffice buffer overflow
2010-02-17 00:00:00
Oracle Critical Patch Update Advisory - October 2010
2010-10-13 00:00:00
Oracle / Sun / Peoplesoft applications multiple security vulnerabilities
2011-07-18 00:00:00
nessus
nessus
Fedora 12 : openoffice.org-3.1.1-19.26.fc12 (2010-1847)
2010-07-01 00:00:00
CentOS 3 / 4 / 5 : openoffice.org (CESA-2010:0101)
2010-02-15 00:00:00
RHEL 3 / 4 / 5 : openoffice.org (RHSA-2010:0101)
2010-02-15 00:00:00
openvas
openvas
OpenOffice Multiple Remote Code Execution Vulnerabilities - Feb10
2010-02-19 00:00:00
OpenOffice Multiple Remote Code Execution Vulnerabilities (Feb 2010)
2010-02-19 00:00:00
CentOS Update for openoffice.org CESA-2010:0101 centos3 i386
2010-02-15 00:00:00
centos
centos
openoffice.org, openoffice.org2 security update
2010-02-13 23:15:08
fedora
fedora
[SECURITY] Fedora 12 Update: openoffice.org-3.1.1-19.26.fc12
2010-02-16 13:06:14
[SECURITY] Fedora 11 Update: openoffice.org-3.1.1-19.12.fc11
2010-02-16 13:24:28
[SECURITY] Fedora 11 Update: openoffice.org-3.1.1-19.13.fc11
2010-06-07 22:26:04
oraclelinux
oraclelinux
openoffice.org security update
2010-02-12 00:00:00
redhat
redhat
(RHSA-2010:0101) Important: openoffice.org security update
2010-02-12 00:00:00
cvelist
cvelist
CVE-2009-3301
2010-02-16 19:00:00
CVE-2009-3302
2010-02-16 19:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:47:11
Arbitrary Code Execution
2020-04-10 00:47:12
prion
prion
Integer overflow
2010-02-16 19:30:00
Design/Logic Flaw
2010-02-16 19:30:00
nvd
nvd
CVE-2009-3301
2010-02-16 19:30:00
CVE-2009-3302
2010-02-16 19:30:00
ubuntucve
ubuntucve
CVE-2009-3301
2010-02-16 00:00:00
CVE-2009-3302
2010-02-16 00:00:00
cve
cve
CVE-2009-3302
2010-02-16 19:30:00
CVE-2009-3301
2010-02-16 19:30:00
suse
suse
remote code execution in OpenOffice_org
2010-03-16 16:11:32
debian
debian
[Backports-security-announce] Security Update for openoffice.org
2010-02-12 20:45:28
[Backports-security-announce] Security Update for openoffice.org
2010-02-12 20:39:53
[Backports-security-announce] Security Update for openoffice.org
2010-02-12 20:39:53
osv
osv
openoffice.org - several
2010-02-12 00:00:00
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2010-02-24 00:00:00
freebsd
freebsd
openoffice.org -- multiple vulnerabilities
2006-08-24 00:00:00
threatpost
threatpost
OpenOffice Zaps Six Security Bugs
2010-02-18 15:09:26
gentoo
gentoo
OpenOffice, LibreOffice: Multiple vulnerabilities
2014-08-31 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2010
2010-10-12 00:00:00

0.548 Medium

EPSS

Percentile

97.7%

JSON
Related for SECURITYVULNS:DOC:23250
checkpoint_advisories1securityvulns3nessus22openvas26centos1fedora4oraclelinux1redhat1cvelist2veracode2prion2nvd2ubuntucve2cve2suse1debian4osv1ubuntu1freebsd1threatpost1gentoo1oracle1