Veracode Vulnerability DatabaseVERACODE:24560Arbitrary Code Execution
0.019 Low
EPSS
Percentile
88.5%
openoffice.org is vulnerable to arbitrary code execution. The vulnerability exists as a heap-based buffer overflow flaw was found in the way OpenOffice.org parsed certain TARGA (Truevision TGA) files. An attacker could use this flaw to create a specially-crafted TARGA file. If a document containing this specially-crafted TARGA file was opened, or if a user tried to insert the file into an existing document, it would cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.
References
osvdb.org/70718
secunia.com/advisories/40775
secunia.com/advisories/42999
secunia.com/advisories/43065
secunia.com/advisories/43105
secunia.com/advisories/43118
secunia.com/advisories/60799
ubuntu.com/usn/usn-1056-1
www.debian.org/security/2011/dsa-2151
www.gentoo.org/security/en/glsa/glsa-201408-19.xml
www.mandriva.com/security/advisories?name=MDVSA-2011:027
www.openoffice.org/security/cves/CVE-2010-4643.html
www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
www.redhat.com/support/errata/RHSA-2011-0181.html
www.redhat.com/support/errata/RHSA-2011-0182.html
www.securityfocus.com/bid/46031
www.securitytracker.com/id?1025002
www.vupen.com/english/advisories/2011/0230
www.vupen.com/english/advisories/2011/0232
www.vupen.com/english/advisories/2011/0279
access.redhat.com/errata/RHSA-2011:0181
access.redhat.com/errata/RHSA-2011:0182
access.redhat.com/errata/RHSA-2011:0183
access.redhat.com/security/cve/CVE-2010-4643
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=667588
exchange.xforce.ibmcloud.com/vulnerabilities/65441
Related
