Vulnerability CVE-2005-2971 - CERT Civis.Net

Vulnerability Name:

CVE-2005-2971 (CCN-22562)

Assigned:

2005-10-11

Published:

2005-10-11

Updated:

2018-10-03

Summary:

Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-2971

Source: MISC
Type: Exploit, Vendor Advisory
http://scary.beasts.org/security/CESA-2005-005.txt

Source: CCN
Type: SA17145
KOffice KWord RTF Importer Buffer Overflow Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
17145

Source: SECUNIA
Type: UNKNOWN
17171

Source: SECUNIA
Type: UNKNOWN
17190

Source: SECUNIA
Type: UNKNOWN
17212

Source: SECUNIA
Type: UNKNOWN
17332

Source: SECUNIA
Type: UNKNOWN
17480

Source: SECUNIA
Type: UNKNOWN
17486

Source: CCN
Type: SECTRACK ID: 1015035
KDE KWord Buffer Overflow in Importing RTF Files May Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1015035

Source: SLACKWARE
Type: UNKNOWN
SSA:2005-310-02

Source: DEBIAN
Type: UNKNOWN
DSA-872

Source: DEBIAN
Type: DSA-872
koffice -- buffer overflow

Source: CCN
Type: GLSA-200510-12
KOffice, KWord: RTF import buffer overflow

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200510-12

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.kde.org/info/security/advisory-20051011-1.txt

Source: CCN
Type: KOffice Web site
The KOffice Project - KOffice - Integrated Office Suite

Source: CCN
Type: KDE Security Advisory 20051011-1
KWord RTF import buffer overflow

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:025

Source: CCN
Type: OSVDB ID: 19909
KOffice KWord RTF Importer Overflow

Source: FEDORA
Type: UNKNOWN
FEDORA-2005-984

Source: BID
Type: Patch
15060

Source: CCN
Type: BID-15060
KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-202-1
KOffice vulnerability

Source: XF
Type: UNKNOWN
koffice-kword-rtf-importer-bo(22562)

Source: XF
Type: UNKNOWN
koffice-kword-rtf-importer-bo(22562)

Source: UBUNTU
Type: UNKNOWN
USN-202-1

Source: SUSE
Type: SUSE-SR:2005:025
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:kde:koffice:1.2:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3.1:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3.2:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3.3:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3.4:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3.5:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3_beta1:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3_beta2:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.3_beta3:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.4:*:*:*:*:*:*:*

OR cpe:/a:kde:koffice:1.4.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20052971	V	CVE-2005-2971	2015-11-16
oval:org.debian:def:872	V	buffer overflow	2005-10-26