The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice | 1.0.1 |
OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice | 1.1.2 |
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 1.1.4 |
| openoffice | openoffice | 1.0.2 |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 1.0.1 |
| openoffice | openoffice | 1.1.3 |
| openoffice | openoffice | 1.1.0 |
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 1.1.4 |
| openoffice | openoffice | 1.1.5 |
| openoffice | openoffice | 1.0.2 |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 2.0 |
| openoffice | openoffice | 1.0.1 |
| openoffice | openoffice | 1.1.3 |
| openoffice | openoffice | 1.1.0 |
OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 1.1.1b |
| openoffice | openoffice | 1.1.4 |
| openoffice | openoffice | 2.0.2_rc2 |
| openoffice | openoffice | 2.0.2 |
| openoffice | openoffice | 1.1.3 |
| openoffice | openoffice | 2.0.2_rc4 |
| openoffice | openoffice | 2.0.0 |
| openoffice | openoffice | 2.0.0_rc3 |
| openoffice | openoffice | 2.0.2_rc1 |
| openoffice | openoffice | 2.0.3_rc4 |
| openoffice | openoffice | 2.0.0_rc1 |
| sun | staroffice | 8.0 |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 2.0.1 |
| openoffice | openoffice | 2.0.3_rc6 |
| sun | staroffice | 7.0 |
| openoffice | openoffice | 2.0.0_rc2 |
| openoffice | openoffice | 1.1.0 |
| openoffice | openoffice | 2.0.2_rc3 |
| openoffice | openoffice | 1.1.5 |
| openoffice | openoffice | 2.0.3_rc3 |
| openoffice | openoffice | 1.1.1a |
| openoffice | openoffice | 2.0.3_rc5 |
Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 1.1.4 |
| sun | staroffice | 8.0 |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 2.0.1 |
| openoffice | openoffice | 2.0.2 |
| openoffice | openoffice | 1.1.3 |
| sun | staroffice | 7.0 |
| sun | staroffice | 6.0 |
| openoffice | openoffice | 1.1.0 |
| openoffice | openoffice | 2.0.0 |
| openoffice | openoffice | 1.1.5 |
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice | 1.1.1 |
| openoffice | openoffice | 1.1.4 |
| sun | staroffice | 8.0 |
| openoffice | openoffice | 1.1.2 |
| openoffice | openoffice | 2.0 |
| openoffice | openoffice | 2.0.1 |
| openoffice | openoffice | 2.0.2 |
| openoffice | openoffice | 1.1.3 |
| sun | staroffice | 7.0 |
| sun | staroffice | 6.0 |
| openoffice | openoffice | 1.1.0 |
| openoffice | openoffice | 2.0.0 |
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice.org | 3.2.1 |
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| openoffice | openoffice.org | 3.2.1 |