Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
Vector
NETWORK
Complexity
MEDIUM
Authentication
NONE
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE
Sun Openoffice.org 3.2.1 (not an official CPE)
Sun Openoffice.org 2.4.3 (not an official CPE)
Sun Microsystems OpenOffice.org 2.4.2
Sun Microsystems OpenOffice.org 2.4.1
Sun Microsystems OpenOffice.org 2.4.0
Sun Openoffice.org 2.3.1 (not an official CPE)
Sun Openoffice.org 2.0.4 (not an official CPE)
Sun Microsystems OpenOffice.org 2.3.0
Sun Openoffice.org 2.2.1 (not an official CPE)
Sun Openoffice.org 2.0.3 (not an official CPE)
Sun Microsystems OpenOffice.org 3.0.0
Sun Openoffice.org 3.2.0 (not an official CPE)
Sun Microsystems OpenOffice.org 3.1.1
Sun Microsystems OpenOffice.org 3.1.0
Sun Microsystems OpenOffice.org 3.0.1
Sun Microsystems OpenOffice.org 2.2.0
Sun Microsystems OpenOffice.org 2.1.0
Sun Microsystems OpenOffice.org 2.0.0