fkie_cve-2010-2935
Vulnerability from fkie_nvd
Published
2010-08-25 20:00
Modified
2024-11-21 01:17
Severity ?
Summary
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
secalert@redhat.comhttp://secunia.com/advisories/40775Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/41052Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/41235
secalert@redhat.comhttp://secunia.com/advisories/42927
secalert@redhat.comhttp://secunia.com/advisories/43105
secalert@redhat.comhttp://secunia.com/advisories/60799
secalert@redhat.comhttp://securityevaluators.com/files/papers/CrashAnalysis.pdf
secalert@redhat.comhttp://ubuntu.com/usn/usn-1056-1
secalert@redhat.comhttp://www.debian.org/security/2010/dsa-2099
secalert@redhat.comhttp://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:221
secalert@redhat.comhttp://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
secalert@redhat.comhttp://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/08/11/1
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/08/11/4
secalert@redhat.comhttp://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2010-0643.html
secalert@redhat.comhttp://www.securitytracker.com/id?1024352
secalert@redhat.comhttp://www.securitytracker.com/id?1024976
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2003Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2149Vendor Advisory
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2228
secalert@redhat.comhttp://www.vupen.com/english/advisories/2010/2905
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0150
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0230
secalert@redhat.comhttp://www.vupen.com/english/advisories/2011/0279
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=622529
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40775Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41052Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41235
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/42927
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43105
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/60799
af854a3a-2127-422b-91ae-364da2661108http://securityevaluators.com/files/papers/CrashAnalysis.pdf
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-1056-1
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2099
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
af854a3a-2127-422b-91ae-364da2661108http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
af854a3a-2127-422b-91ae-364da2661108http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/08/11/1
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/08/11/4
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2010-0643.html
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024352
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1024976
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2003Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2149Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2228
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2905
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0150
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0230
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0279
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=622529
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
Impacted products
Vendor Product Version
openoffice openoffice.org 3.2.1
microsoft windows *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openoffice:openoffice.org:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0D9F8E7-18FF-43B1-B88F-84AD1476739C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an \"integer truncation error.\""
    },
    {
      "lang": "es",
      "value": "simpress.bin en el m\u00f3dulo Impress en OpenOffice.org (OOo) v3.2.1 sobre Windows, \r\nno maneja adecuadamente los valores enteros asociados a las propiedades de los elementos del diccionario, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) o posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de pol\u00edgonos modificados en un documento PowerPoint que provoca un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)."
    }
  ],
  "id": "CVE-2010-2935",
  "lastModified": "2024-11-21T01:17:41.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-08-25T20:00:17.643",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40775"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41052"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/41235"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/42927"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/43105"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ubuntu.com/usn/usn-1056-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2010/dsa-2099"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openoffice.org/servlets/ReadMsg?list=dev\u0026msgNo=27690"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/11/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/11/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1024352"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1024976"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2003"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2149"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2228"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2010/2905"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0150"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2011/0279"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41052"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/41235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/42927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/43105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/60799"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityevaluators.com/files/papers/CrashAnalysis.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-1056-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2010/dsa-2099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openoffice.org/servlets/ReadMsg?list=dev\u0026msgNo=27690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/11/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/08/11/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0643.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1024976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2228"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2010/2905"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0150"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2011/0279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=622529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.