Vulnerability Name:

CVE-2012-2665 (CCN-77386)

Assigned:2012-08-01
Published:2012-08-01
Updated:2023-02-13
Summary:Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-122
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2012-2665

Source: CCN
Type: RHSA-2012-1135
Important: libreoffice security update

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: RHSA-2012-1136
Important: openoffice.org security update

Source: CCN
Type: SA50142
LibreOffice XML Manifest Handling Buffer Overflow Vulnerabilities

Source: CCN
Type: SA50438
OpenOffice XML Manifest Handling Buffer Overflow Vulnerabilities

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: DEBIAN
Type: DSA-2520
openoffice.org -- Multiple heap-based buffer overflows

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Vendor Advisory
secalert@redhat.com

Source: CCN
Type: Libre Office Web Site
Multiple heap-based buffer overflows in the XML manifest encryption handling code

Source: CCN
Type: Open Office Web Site
OpenOffice.org

Source: CCN
Type: OSVDB ID: 84440
LibreOffice XML Tag Hierarchy ODF File Handling Overflow

Source: CCN
Type: OSVDB ID: 84441
LibreOffice Base64 Decoder XML Export ODF File Handling Overflow

Source: CCN
Type: OSVDB ID: 84442
LibreOffice Boundary Error XML Tag Duplication ODF File Handling Overflow

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: BID-54769
LibreOffice and OpenOffice Multiple Heap Based Buffer Overflow Vulnerabilities

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
libreoffice-base64-bo(77386)

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openoffice:openoffice.org:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1.5:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4.1::64-bit:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:3.01:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.1.154:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.1.152:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.156:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.130:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.122:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.2:rc1:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0.2:rc2:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.118:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.113:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.104:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.100:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.95:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.93:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.91:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.87:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.84:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.9.680:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1:rc3:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1:beta2:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.1:beta:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:libreoffice:libreoffice:3.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:libreoffice:libreoffice:3.5.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20122665
    V
    		CVE-2012-2665
    2017-09-27
    oval:org.mitre.oval:def:18059
    P
    		USN-1537-1 -- openoffice.org vulnerability
    2014-06-30
    oval:org.mitre.oval:def:17974
    P
    		USN-1536-1 -- libreoffice vulnerability
    2014-06-30
    oval:org.mitre.oval:def:19447
    P
    		DSA-2520-1 openoffice.org - Multiple heap-based buffer overflows
    2014-06-23
    oval:org.mitre.oval:def:23289
    P
    		ELSA-2012:1136: openoffice.org security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:23713
    P
    		ELSA-2012:1135: libreoffice security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:21514
    P
    		RHSA-2012:1135: libreoffice security update (Important)
    2014-02-24
    oval:org.mitre.oval:def:21348
    P
    		RHSA-2012:1136: openoffice.org security update (Important)
    2014-02-24
    oval:com.ubuntu.precise:def:20122665000
    V
    		CVE-2012-2665 on Ubuntu 12.04 LTS (precise) - medium.
    2012-08-06
    oval:com.redhat.rhsa:def:20121135
    P
    		RHSA-2012:1135: libreoffice security update (Important)
    2012-08-01
    oval:com.redhat.rhsa:def:20121136
    P
    		RHSA-2012:1136: openoffice.org security update (Important)
    2012-08-01
    BACK
    openoffice openoffice.org 1.0.1
    openoffice openoffice.org 1.1.2
    openoffice openoffice.org 1.1.4
    openoffice openoffice.org 1.1.3
    openoffice openoffice.org 2.1
    openoffice openoffice.org 2.0.4
    openoffice openoffice.org 2.2
    openoffice openoffice.org 2.3
    openoffice openoffice.org 2.0
    openoffice openoffice.org 2.4
    openoffice openoffice.org 2.0.3
    openoffice openoffice.org 1.1.5
    openoffice openoffice.org 2.0.2
    openoffice openoffice.org 2.4.1
    openoffice openoffice.org 2.2.1
    openoffice openoffice.org 2.3.1
    openoffice openoffice.org 2.4.1
    openoffice openoffice.org 3.01
    openoffice openoffice.org 2.1.154
    openoffice openoffice.org 2.1.152
    openoffice openoffice.org 1.9.156
    openoffice openoffice.org 1.9.130
    openoffice openoffice.org 1.9.122
    openoffice openoffice.org 2.0.1
    openoffice openoffice.org 2.0.2 rc1
    openoffice openoffice.org 2.0.2 rc2
    openoffice openoffice.org 2.0 beta2
    openoffice openoffice.org 1.9.118
    openoffice openoffice.org 1.9.113
    openoffice openoffice.org 1.9.104
    openoffice openoffice.org 1.9.100
    openoffice openoffice.org 1.9.95
    openoffice openoffice.org 1.9.93
    openoffice openoffice.org 1.9.91
    openoffice openoffice.org 1.9.87
    openoffice openoffice.org 1.9.84
    openoffice openoffice.org 1.9.680
    openoffice openoffice.org 1.1.1
    openoffice openoffice.org 1.1
    openoffice openoffice.org 1.1 rc3
    openoffice openoffice.org 1.1 rc1
    openoffice openoffice.org 1.1 beta2
    openoffice openoffice.org 1.0.3.1
    openoffice openoffice.org 1.1 beta
    openoffice openoffice.org 1.0.2
    openoffice openoffice.org 3.2.1
    libreoffice libreoffice 3.3.2
    libreoffice libreoffice 3.3.1
    libreoffice libreoffice 3.5.3
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    redhat enterprise linux desktop 6