CVE-2012-1149

2012-06-21 17:55:11 2017-08-29 03:31:13

Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embedded image object, as demonstrated by a JPEG image in a .DOC file, which triggers a heap-based buffer overflow.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Fedora 16 Debian Linux 7.0 Redhat Enterprise linux workstation 6.0 (not an official CPE) Red Hat Desktop 5.0 Debian GNU/Linux 6.0 Redhat Enterprise linux server aus 6.2 (not an official CPE) Redhat Enterprise linux server 6.0 (not an official CPE) Red Hat Enterprise Linux 5.0 Redhat Enterprise linux server eus 6.2.z (not an official CPE) Redhat Enterprise linux desktop 6.0 (not an official CPE) Fedora 15

Apache Software Foundation OpenOffice.org 3.4 Beta Apache Software Foundation OpenOffice.org 3.3.0 Libreoffice Libreoffice 3.5.2 (not an official CPE)

Fedoraproject - Fedora Debian - Debian linux Redhat - Enterprise linux workstation Redhat - Enterprise linux desktop Apache - Openoffice.org Redhat - Enterprise linux server aus Redhat - Enterprise linux server Libreoffice - Libreoffice Redhat - Enterprise linux Redhat - Enterprise linux server eus

Advisory	Patch	Confirmed	Link
			53570
			openoffice-vclmi-bo(75692)
			http://www.openoffice.org/security/cves/CVE-2012-1149.ht...
			MDVSA-2012:091
			MDVSA-2012:090
			http://www.libreoffice.org/advisories/cve-2012-1149/
			GLSA-201408-19
			DSA-2487
			DSA-2473
			1027068
			GLSA-201209-05
			RHSA-2012:0705
			FEDORA-2012-8042
			FEDORA-2012-8114
			20120516 CVE-2012-1149 OpenOffice.org integer overflow e...

CVE-2012-1149

2012-06-21 17:55:11 2017-08-29 03:31:13

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)