Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-903-1
HistoryFeb 24, 2010 - 12:00 a.m.

OpenOffice.org vulnerabilities

2010-02-2400:00:00
ubuntu.com
60

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON

Releases

  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.10
  • Ubuntu 8.04

Packages

Details

It was discovered that the XML HMAC signature system did not
correctly check certain lengths. If an attacker sent a truncated
HMAC, it could bypass authentication, leading to potential privilege
escalation. (CVE-2009-0217)

Sebastian Apelt and Frank Reißner discovered that OpenOffice did not
correctly import XPM and GIF images. If a user were tricked into opening
a specially crafted image, an attacker could execute arbitrary code with
user privileges. (CVE-2009-2949, CVE-2009-2950)

Nicolas Joly discovered that OpenOffice did not correctly handle
certain Word documents. If a user were tricked into opening a specially
crafted document, an attacker could execute arbitrary code with user
privileges. (CVE-2009-3301, CVE-2009-3302)

It was discovered that OpenOffice did not correctly handle certain
VBA macros correctly. If a user were tricked into opening a specially
crafted document, an attacker could execute arbitrary macro commands,
bypassing security controls. (CVE-2010-0136)

OSVersionArchitecturePackageVersionFilename
Ubuntu9.10noarchopenoffice.org-core< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchcli-uno-bridge< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchlibmythes-dev< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchmozilla-openoffice.org< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchopenoffice.org< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchopenoffice.org-base< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchopenoffice.org-base-core< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchopenoffice.org-calc< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchopenoffice.org-dev< 1:3.1.1-5ubuntu1.1UNKNOWN
Ubuntu9.10noarchopenoffice.org-draw< 1:3.1.1-5ubuntu1.1UNKNOWN
Rows per page:
1-10 of 1171

Related

openvas 62
debian 7
osv 2
nessus 51
suse 1
fedora 8
oraclelinux 2
redhat 2
centos 2
freebsd 2
threatpost 1
checkpoint_advisories 4
securityvulns 5
prion 7
cvelist 7
veracode 5
cve 7
ubuntucve 7
nvd 7
seebug 1
mskb 1
cert 1
debiancve 2
github 1
gentoo 1
ubuntu 1
ibm 2
openvas
openvas
Ubuntu Update for openoffice.org vulnerabilities USN-903-1
2010-03-02 00:00:00
SuSE Update for OpenOffice_org SUSE-SA:2010:017
2010-03-22 00:00:00
SuSE Update for OpenOffice_org SUSE-SA:2010:017
2010-03-22 00:00:00
debian
debian
[Backports-security-announce] Security Update for openoffice.org
2010-02-12 20:45:28
[Backports-security-announce] Security Update for openoffice.org
2010-02-12 20:39:53
[Backports-security-announce] Security Update for openoffice.org
2010-02-12 20:39:53
osv
osv
openoffice.org - several
2010-02-12 00:00:00
Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation
2022-05-02 03:13:38
nessus
nessus
SuSE 11 Security Update : OpenOffice_org (SAT Patch Number 2080)
2010-03-16 00:00:00
Debian DSA-1995-1 : openoffice.org - several vulnerabilities
2010-02-24 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 / 9.10 : openoffice.org vulnerabilities (USN-903-1)
2010-02-25 00:00:00
suse
suse
remote code execution in OpenOffice_org
2010-03-16 16:11:32
fedora
fedora
[SECURITY] Fedora 12 Update: openoffice.org-3.1.1-19.26.fc12
2010-02-16 13:06:14
[SECURITY] Fedora 11 Update: openoffice.org-3.1.1-19.12.fc11
2010-02-16 13:24:28
[SECURITY] Fedora 11 Update: openoffice.org-3.1.1-19.13.fc11
2010-06-07 22:26:04
oraclelinux
oraclelinux
openoffice.org security update
2010-02-12 00:00:00
xmlsec1 security update
2009-09-09 00:00:00
redhat
redhat
(RHSA-2010:0101) Important: openoffice.org security update
2010-02-12 00:00:00
(RHSA-2009:1428) Moderate: xmlsec1 security update
2009-09-08 00:00:00
centos
centos
openoffice.org, openoffice.org2 security update
2010-02-13 23:15:08
xmlsec1 security update
2009-09-09 00:48:06
freebsd
freebsd
openoffice.org -- multiple vulnerabilities
2006-08-24 00:00:00
mono -- XML signature HMAC truncation spoofing
2009-07-15 00:00:00
threatpost
threatpost
OpenOffice Zaps Six Security Bugs
2010-02-18 15:09:26
checkpoint_advisories
checkpoint_advisories
OpenOffice.org Microsoft Word File Processing Integer Underflow (CVE-2009-3301; CVE-2009-3302)
2010-06-03 00:00:00
OpenOffice.org XPM File Processing Integer Overflow (CVE-2009-2949)
2010-05-12 00:00:00
Microsoft XML Signature HMAC Truncation Bypass (MS10-041) - Ver2 (CVE-2009-0217)
2015-03-26 00:00:00
securityvulns
securityvulns
OpenOffice buffer overflow
2010-02-17 00:00:00
VUPEN Security Research - OpenOffice Word Document Processing Heap Overflow Vulnerabilities
2010-02-17 00:00:00
Microsoft .Net XML signing protection bypass
2010-06-09 00:00:00
prion
prion
Heap overflow
2010-02-16 19:30:00
Integer overflow
2010-02-16 19:30:00
Integer overflow
2010-02-16 19:30:00
cvelist
cvelist
CVE-2009-2950
2010-02-16 19:00:00
CVE-2009-3301
2010-02-16 19:00:00
CVE-2009-2949
2010-02-16 19:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:47:11
Arbitrary Code Execution
2020-04-10 00:47:11
Arbitrary Code Execution
2020-04-10 00:47:11
cve
cve
CVE-2009-2950
2010-02-16 19:30:00
CVE-2009-2949
2010-02-16 19:30:00
CVE-2010-0136
2010-02-16 19:30:00
ubuntucve
ubuntucve
CVE-2009-2950
2010-02-16 00:00:00
CVE-2009-3301
2010-02-16 00:00:00
CVE-2010-0136
2010-02-16 00:00:00
nvd
nvd
CVE-2009-2950
2010-02-16 19:30:00
CVE-2009-3301
2010-02-16 19:30:00
CVE-2009-3302
2010-02-16 19:30:00
seebug
seebug
OpenOffice VBA Macro Restrictions Remote Security Bypass Vulnerability
2010-03-17 00:00:00
mskb
mskb
MS10-041: Vulnerabilities in the Microsoft .NET Framework that could allow tampering
2012-05-08 22:34:55
cert
cert
XML signature HMAC truncation authentication bypass
2009-07-14 00:00:00
debiancve
debiancve
CVE-2009-0217
2009-07-14 23:30:00
CVE-2013-2155
2013-08-20 22:55:03
github
github
Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation
2022-05-02 03:13:38
gentoo
gentoo
OpenOffice, LibreOffice: Multiple vulnerabilities
2014-08-31 00:00:00
ubuntu
ubuntu
Mono vulnerabilities
2009-08-26 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Santuario XML Security for Java affect IBM InfoSphere Information Server
2022-10-14 22:24:44
Security Bulletin: A vulnerability in Apache XML Security for Java affects IBM Tivoli Business Service Manager (CVE-2013-4517, CVE-2013-2172, CVE-2009-0217, CVE-2021-40690)
2022-10-06 04:39:35

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.973 High

EPSS

Percentile

99.9%

JSON
Related for USN-903-1
openvas62debian7osv2nessus51suse1fedora8oraclelinux2redhat2centos2freebsd2threatpost1checkpoint_advisories4securityvulns5prion7cvelist7veracode5cve7ubuntucve7nvd7seebug1mskb1cert1debiancve2github1gentoo1ubuntu1ibm2