FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openoffice -- DOC document heap overflow vulnerability

Affected packages
ar-openoffice < 1.1.4_2
2.* < ar-openoffice <= 2.0.20050406
ca-openoffice < 1.1.4_2
2.* < ca-openoffice <= 2.0.20050406
cs-openoffice < 1.1.4_2
2.* < cs-openoffice <= 2.0.20050406
de-openoffice < 1.1.4_2
2.* < de-openoffice <= 2.0.20050406
dk-openoffice < 1.1.4_2
2.* < dk-openoffice <= 2.0.20050406
el-openoffice < 1.1.4_2
2.* < el-openoffice <= 2.0.20050406
es-openoffice < 1.1.4_2
2.* < es-openoffice <= 2.0.20050406
et-openoffice < 1.1.4_2
2.* < et-openoffice <= 2.0.20050406
fi-openoffice < 1.1.4_2
2.* < fi-openoffice <= 2.0.20050406
fr-openoffice < 1.1.4_2
2.* < fr-openoffice <= 2.0.20050406
gr-openoffice < 1.1.4_2
2.* < gr-openoffice <= 2.0.20050406
hu-openoffice < 1.1.4_2
2.* < hu-openoffice <= 2.0.20050406
it-openoffice < 1.1.4_2
2.* < it-openoffice <= 2.0.20050406
ja-openoffice < 1.1.4_2
2.* < ja-openoffice <= 2.0.20050406
jp-openoffice < 1.1.4_2
2.* < jp-openoffice <= 2.0.20050406
ko-openoffice < 1.1.4_2
2.* < ko-openoffice <= 2.0.20050406
kr-openoffice < 1.1.4_2
2.* < kr-openoffice <= 2.0.20050406
nl-openoffice < 1.1.4_2
2.* < nl-openoffice <= 2.0.20050406
openoffice < 1.1.4_2
2.* < openoffice <= 2.0.20050406
pl-openoffice < 1.1.4_2
2.* < pl-openoffice <= 2.0.20050406
pt-openoffice < 1.1.4_2
2.* < pt-openoffice <= 2.0.20050406
pt_BR-openoffice < 1.1.4_2
2.* < pt_BR-openoffice <= 2.0.20050406
ru-openoffice < 1.1.4_2
2.* < ru-openoffice <= 2.0.20050406
se-openoffice < 1.1.4_2
2.* < se-openoffice <= 2.0.20050406
sk-openoffice < 1.1.4_2
2.* < sk-openoffice <= 2.0.20050406
sl-openoffice-SI < 1.1.4_2
2.* < sl-openoffice-SI <= 2.0.20050406
sl-openoffice-SL < 1.1.4_2
2.* < sl-openoffice-SL <= 2.0.20050406
tr-openoffice < 1.1.4_2
2.* < tr-openoffice <= 2.0.20050406
zh-openoffice < 1.1.4_2
2.* < zh-openoffice <= 2.0.20050406
zh-openoffice-CN < 1.1.4_2
2.* < zh-openoffice-CN <= 2.0.20050406
zh-openoffice-TW < 1.1.4_2
2.* < zh-openoffice-TW <= 2.0.20050406
zh_TW-openoffice < 1.1.4_2
2.* < zh_TW-openoffice <= 2.0.20050406
6.0.a609 <= ja-openoffice <= 6.0.a638
641c <= ja-openoffice <= 645
ja-openoffice = 1.1RC4
ja-openoffice = 1.1rc5
6.0.a609 <= openoffice <= 6.0.a638
641c <= openoffice <= 645
openoffice = 1.1RC4
openoffice = 1.1rc5

Details

VuXML ID b206dd82-ac67-11d9-a788-0001020eed82
Discovery 2005-04-11
Entry 2005-04-13
Modified 2005-04-20

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document, only 16 bits of a 32-bit integer are used for memory allocation, but the full 32 bits are used for further processing of the document. This can allow an attacker to crash OpenOffice, or potentially execute arbitrary code as the user running OpenOffice, by tricking a user into opening a specially crafted DOC document.
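The allocation/processing width mismatch described above, shown as an added example of the bug class and of a reader that validates one full-width length before allocating. This is not OpenOffice source code; the record layout, MAX_RECORD and all function names are assumptions made for the illustration.

```c
/* Added illustration of the bug class; not OpenOffice source code. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_RECORD (1u << 20)   /* assumed sanity cap for this example */

/* Flawed sizing: only the low 16 bits of the 32-bit length are kept. */
size_t truncated_alloc_size(uint32_t len) { return (uint16_t)len; }

/* Bytes that later processing would touch beyond such an allocation. */
uint32_t overrun_bytes(uint32_t len) { return len - (uint32_t)truncated_alloc_size(len); }

/* Hardened reader for a hypothetical record: 4-byte little-endian length,
 * then payload. One full-width length drives every check, the allocation
 * and the copy. Returns NULL if the length is inconsistent. */
uint8_t *read_record(const uint8_t *buf, size_t buf_len, uint32_t *out_len)
{
    uint32_t len;
    uint8_t *p;
    if (buf_len < 4) return NULL;
    len = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
          (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (len > MAX_RECORD || len > buf_len - 4) return NULL;
    p = malloc(len ? len : 1);
    if (p == NULL) return NULL;
    memcpy(p, buf + 4, len);
    *out_len = len;
    return p;
}

/* Constructed samples: a valid 3-byte record and one whose length field
 * (0x00010008) truncates to 8 but claims 65544 bytes. */
static const uint8_t GOOD[] = { 3, 0, 0, 0, 'a', 'b', 'c' };
static const uint8_t CRAFTED[] = { 0x08, 0x00, 0x01, 0x00, 1, 2, 3, 4, 5, 6, 7, 8 };

int accepts_valid(void)
{
    uint32_t n = 0;
    uint8_t *p = read_record(GOOD, sizeof GOOD, &n);
    int ok = p != NULL && n == 3 && memcmp(p, "abc", 3) == 0;
    free(p);
    return ok;
}

int rejects_crafted(void)
{
    uint32_t n = 0;
    return read_record(CRAFTED, sizeof CRAFTED, &n) == NULL;
}

int main(void) { return !(accepts_valid() && rejects_crafted()); }
```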

References

Bugtraq ID 13092
CVE Name CVE-2005-0941
Message 20050412000438.17342.qmail@www.securityfocus.com
URL http://www.openoffice.org/issues/show_bug.cgi?id=46388