MidnightBSD

Advisories for openoffice

CVE-2002-2210 MEDIUM

The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openoffice openoffice 1.0.1
CVE-2004-0752 LOW

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openoffice openoffice 1.1.2
CVE-2005-0941 MEDIUM

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openoffice openoffice 1.1.1
openoffice openoffice 1.1.4
openoffice openoffice 1.0.2
openoffice openoffice 1.1.2
openoffice openoffice 1.0.1
openoffice openoffice 1.1.3
openoffice openoffice 1.1.0
CVE-2005-4636 MEDIUM

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
openoffice openoffice 1.1.1
openoffice openoffice 1.1.4
openoffice openoffice 1.1.5
openoffice openoffice 1.0.2
openoffice openoffice 1.1.2
openoffice openoffice 2.0
openoffice openoffice 1.0.1
openoffice openoffice 1.1.3
openoffice openoffice 1.1.0
CVE-2006-2198 HIGH

OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-264,

Products Affected

Vendor Product Version
openoffice openoffice 1.1.1
openoffice openoffice 1.1.1b
openoffice openoffice 1.1.4
openoffice openoffice 2.0.2_rc2
openoffice openoffice 2.0.2
openoffice openoffice 1.1.3
openoffice openoffice 2.0.2_rc4
openoffice openoffice 2.0.0
openoffice openoffice 2.0.0_rc3
openoffice openoffice 2.0.2_rc1
openoffice openoffice 2.0.3_rc4
openoffice openoffice 2.0.0_rc1
sun staroffice 8.0
openoffice openoffice 1.1.2
openoffice openoffice 2.0.1
openoffice openoffice 2.0.3_rc6
sun staroffice 7.0
openoffice openoffice 2.0.0_rc2
openoffice openoffice 1.1.0
openoffice openoffice 2.0.2_rc3
openoffice openoffice 1.1.5
openoffice openoffice 2.0.3_rc3
openoffice openoffice 1.1.1a
openoffice openoffice 2.0.3_rc5
CVE-2006-2199 HIGH

Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
openoffice openoffice 1.1.1
openoffice openoffice 1.1.4
sun staroffice 8.0
openoffice openoffice 1.1.2
openoffice openoffice 2.0.1
openoffice openoffice 2.0.2
openoffice openoffice 1.1.3
sun staroffice 7.0
sun staroffice 6.0
openoffice openoffice 1.1.0
openoffice openoffice 2.0.0
openoffice openoffice 1.1.5
CVE-2006-3117 HIGH

Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
openoffice openoffice 1.1.1
openoffice openoffice 1.1.4
sun staroffice 8.0
openoffice openoffice 1.1.2
openoffice openoffice 2.0
openoffice openoffice 2.0.1
openoffice openoffice 2.0.2
openoffice openoffice 1.1.3
sun staroffice 7.0
sun staroffice 6.0
openoffice openoffice 1.1.0
openoffice openoffice 2.0.0
CVE-2010-2935 HIGH

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openoffice openoffice.org 3.2.1
CVE-2010-2936 HIGH

Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
openoffice openoffice.org 3.2.1