Launchpad.net

CVE 2007-0245

Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.

Related bugs and status

CVE-2007-0245 (Candidate) is related to these bugs:

Bug #61664: [dapper] oo impress crash after slide with many images duplicated

Summary				In	Importance	Status
	61664	[dapper] oo impress crash after slide with many images duplicated		openoffice.org (Ubuntu)	Undecided	Invalid

Bug #120400: heap overflow in OpenOffice.org RTF parsing routine

		In	Importance	Status
120400	heap overflow in OpenOffice.org RTF parsing routine	openoffice.org (Ubuntu)	High	Fix Released
120400	heap overflow in OpenOffice.org RTF parsing routine	openoffice.org (Ubuntu Dapper)	High	Fix Released
120400	heap overflow in OpenOffice.org RTF parsing routine	openoffice.org (Ubuntu Edgy)	High	Fix Released
120400	heap overflow in OpenOffice.org RTF parsing routine	openoffice.org (Ubuntu Feisty)	High	Fix Released
120400	heap overflow in OpenOffice.org RTF parsing routine	openoffice.org (Ubuntu Gutsy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

DEBIAN: DSA-1307
REDHAT: RHSA-2007:0406
SECUNIA: 25648
SECUNIA: 25650
CONFIRM: http://sw.openoffice.o...
SUNALERT: 102917
BID: 24450
SECTRACK: 1018239
SECUNIA: 25673
SECUNIA: 25705
SGI: 20070602-01-P
SUSE: SUSE-SA:2007:037
SECUNIA: 25862
SECUNIA: 25894
GENTOO: GLSA-200707-02
SECUNIA: 25905
UBUNTU: USN-482-1
SECUNIA: 26010
SECUNIA: 26022
CONFIRM: https://issues.rpath.c...
SECUNIA: 26476
MANDRIVA: MDKSA-2007:144
VUPEN: ADV-2007-2166
VUPEN: ADV-2007-2229
OSVDB: 35378
XF: openoffice-rtf-bo(34843)
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20070613 High risk vul...