MDVSA-2010:221 -- Mandriva openoffice.orgID: oval:org.secpod.oval:def:300063 | Date: (C)2012-01-07 (M)2023-11-09 |
Class: PATCH | Family: unix |
Multiple vulnerabilities was discovered and corrected in the OpenOffice.org: Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow . Heap-based buffer overflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression . Integer underflow allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document . boundary error flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document . Lack of properly enforcing Visual Basic for Applications macro security settings, which allows remote attackers to run arbitrary macros via a crafted document . User-assisted remote attackers are able to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text file that triggers code execution when the macro directory structure is previewed . Impress module does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an integer truncation error . Integer overflow in the Impress allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow . Packages for 2009.0 are provided as of the Extended Maintenance Program
Platform: |
Mandriva Linux 2010.0 |
Mandriva Linux 2010.1 |
Mandriva Linux 2009.0 |