CVE-2010-2935

Date: (C)2010-08-25   (M)2017-09-19
 
CVSS Score: 9.3
Exploitability Subscore: 8.6
Impact Subscore: 10.0
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

Reference:
SECTRACK-1024352
SECTRACK-1024976
SECUNIA-40775
SECUNIA-41052
SECUNIA-41235
SECUNIA-42927
SECUNIA-43105
SECUNIA-60799
ADV-2010-2003
ADV-2010-2149
ADV-2010-2228
ADV-2010-2905
ADV-2011-0150
ADV-2011-0230
ADV-2011-0279
DSA-2099
GLSA-201408-19
MDVSA-2010:221
RHSA-2010:0643
SUSE-SR:2010:019
SUSE-SR:2010:024
USN-1056-1
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
http://www.openwall.com/lists/oss-security/2010/08/11/1
http://www.openwall.com/lists/oss-security/2010/08/11/4
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
https://bugzilla.redhat.com/show_bug.cgi?id=622529

CWE    1
CWE-189
OVAL    10
oval:org.mitre.oval:def:12063
oval:org.secpod.oval:def:200054
oval:org.secpod.oval:def:200111
oval:org.secpod.oval:def:200115
...

© 2013 SecPod Technologies