openoffice 缓冲区溢出代码执行漏洞

2023-12-12 23:56:35 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

CVE编号

CVE-2007-0245

利用情况

暂无

补丁情况

官方补丁

披露时间

2007-06-13

OpenOffice.org(Ooo)2.2.1和更早版本中基于堆的缓冲区溢出允许远程攻击者通过具有长度参数不一致的巧尽心思构建的prtdata标记的RTF文件执行任意代码，这将导致vtable条目被覆盖。 <br />  

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
http://osvdb.org/35378
http://secunia.com/advisories/25648
http://secunia.com/advisories/25650
http://secunia.com/advisories/25673
http://secunia.com/advisories/25705
http://secunia.com/advisories/25862
http://secunia.com/advisories/25894
http://secunia.com/advisories/25905
http://secunia.com/advisories/26010
http://secunia.com/advisories/26022
http://secunia.com/advisories/26476
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102917-1
http://sw.openoffice.org/source/browse/sw/sw/source/filter/rtf/swparrtf.cxx?rev=1.67
http://www.debian.org/security/2007/dsa-1307
http://www.gentoo.org/security/en/glsa/glsa-200707-02.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:144
http://www.novell.com/linux/security/advisories/2007_37_openoffice.html
http://www.redhat.com/support/errata/RHSA-2007-0406.html
http://www.securityfocus.com/archive/1/471274/100/0/threaded
http://www.securityfocus.com/bid/24450
http://www.securitytracker.com/id?1018239
http://www.ubuntu.com/usn/usn-482-1
http://www.vupen.com/english/advisories/2007/2166
http://www.vupen.com/english/advisories/2007/2229
https://exchange.xforce.ibmcloud.com/vulnerabilities/34843
https://issues.rpath.com/browse/RPL-1570
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	openoffice	openoffice	*		Up to (including) 2.2.1
	运行在以下环境
	系统	centos_5	openoffice.org-langpack-gl_ES	*		Up to (excluding) 2.0.4-5.4.17.2
	运行在以下环境
	系统	redhat_5	openoffice.org	*		Up to (excluding) 0:1.1.5-10.6.0.1.EL4