Vulnerability CVE-2005-0941

Vulnerability Name:

CVE-2005-0941 (CCN-20058)

Assigned:

2005-03-30

Published:

2005-03-30

Updated:

2017-10-11

Summary:

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Mon Apr 11 2005 - 19:04:38 CDT
OpenOffice DOC document Heap Overflow

Source: MITRE
Type: CNA
CVE-2005-0941

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:968
Buffer overflow fix and a new upstream version

Source: CCN
Type: RHSA-2005-375
openoffice.org security update

Source: SECUNIA
Type: UNKNOWN
17027

Source: CCN
Type: CIAC INFORMATION BULLETIN P-192
OpenOffice.org Buffer Overflow Vulnerability

Source: CCN
Type: GLSA-200504-13
OpenOffice.Org: DOC document Heap Overflow

Source: GENTOO
Type: UNKNOWN
GLSA-200504-13

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:021

Source: CCN
Type: OpenOffice.org Web site
OpenOffice.org

Source: CCN
Type: OpenOffice Issue list
Issue 46388

Source: CONFIRM
Type: UNKNOWN
http://www.openoffice.org/issues/show_bug.cgi?id=46388

Source: REDHAT
Type: UNKNOWN
RHSA-2005:375

Source: BUGTRAQ
Type: UNKNOWN
20050412 OpenOffice DOC document Heap Overflow

Source: BID
Type: UNKNOWN
13092

Source: CCN
Type: BID-13092
OpenOffice Malformed Document Remote Heap Overflow Vulnerability

Source: CCN
Type: USN-121-1
OpenOffice.org vulnerability

Source: XF
Type: UNKNOWN
openoffice-doc-heap-bo(20058)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9106

Source: SUSE
Type: SUSE-SA:2005:025
OpenOffice_org: heap overflow problem

Source: SUSE
Type: SUSE-SR:2005:021
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:openoffice:openoffice:1.0.1:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice:1.0.2:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice:1.1.0:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice:1.1.1:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice:1.1.2:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*

OR cpe:/a:openoffice:openoffice:1.1.4:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openoffice:openoffice.org:1.1.4:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050941	V	CVE-2005-0941	2015-11-16
oval:org.mitre.oval:def:9106	V	The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.	2013-04-29
oval:com.redhat.rhsa:def:20050375	P	RHSA-2005:375: openoffice.org security update (Important)	2005-04-25

BACK