CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,847 CVEs tracked | 53,242 with exploits | 4,725 exploited in wild | 1,540 CISA KEV | 3,918 Nuclei templates | 37,802 vendors | 42,493 researchers
60 results
CVE-2012-2665 EPSS 0.05
OpenOffice.org/LibreOffice <3.5.5 - Buffer Overflow
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
CWE-787 Aug 06, 2012
CVE-2012-0037 6.5 MEDIUM EPSS 0.01
Librdf Raptor < 2.0.7 - XXE
Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
CWE-611 Jun 17, 2012
CVE-2010-4643 EPSS 0.04
Apache OpenOffice < 3.3.0 - Out-of-Bounds Write
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
CWE-787 Jan 28, 2011
CVE-2010-4253 EPSS 0.06
Apache OpenOffice < 3.3.0 - Out-of-Bounds Write
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
CWE-787 Jan 28, 2011
CVE-2010-3689 EPSS 0.00
Apache OpenOffice < 3.3.0 - Path Traversal
soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CWE-22 Jan 28, 2011
CVE-2010-3454 EPSS 0.10
OpenOffice.org <3.3 - RCE
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
CWE-193 Jan 28, 2011
CVE-2010-3453 EPSS 0.07
OpenOffice.org 2.x-3.3 - DoS
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
CWE-787 Jan 28, 2011
CVE-2010-3452 EPSS 0.10
OpenOffice.org <3.3 - Use After Free
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document.
CWE-416 Jan 28, 2011
CVE-2010-3451 EPSS 0.10
OpenOffice.org <3.3 - Use After Free
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document.
CWE-416 Jan 28, 2011
CVE-2010-3450 EPSS 0.03
OpenOffice.org 2.x-3.3 - Path Traversal
Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
CWE-22 Jan 28, 2011
CVE-2010-4494 EPSS 0.01
Google Chrome < 8.0.552.215 - Double Free
Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to XPath handling.
CWE-415 Dec 07, 2010
CVE-2010-4008 EPSS 0.01
Google Chrome < 7.0.517.44 - Memory Corruption
libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.
CWE-119 Nov 17, 2010
CVE-2010-0395 EPSS 0.21
OpenOffice.org <3.2.1 - Auth Bypass
OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed.
Jun 10, 2010
CVE-2010-0136 EPSS 0.05
Apache OpenOffice - Command Injection
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.
CWE-77 Feb 16, 2010
CVE-2009-3302 EPSS 0.43
Apache OpenOffice < 3.2.0 - Code Injection
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
CWE-94 Feb 16, 2010
CVE-2009-3301 EPSS 0.43
Apache OpenOffice < 3.2.0 - Integer Underflow
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
CWE-191 Feb 16, 2010
CVE-2009-2950 EPSS 0.25
Apache OpenOffice < 3.2.0 - Out-of-Bounds Write
Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
CWE-787 Feb 16, 2010
CVE-2009-2949 EPSS 0.58
Apache OpenOffice < 3.2.0 - Integer Overflow
Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
CWE-190 Feb 16, 2010
CVE-2008-3282 7.8 HIGH EPSS 0.01
OpenOffice.org <2.4.1 - RCE
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
CWE-681 Aug 29, 2008
CVE-2007-2834 EPSS 0.15
OpenOffice.org <2.3 - RCE
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
CWE-190 Sep 18, 2007