CVE-2010-2935

HIGH

Description

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."

References

http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

http://secunia.com/advisories/40775

http://secunia.com/advisories/41052

http://secunia.com/advisories/41235

http://secunia.com/advisories/42927

http://secunia.com/advisories/43105

http://secunia.com/advisories/60799

http://securityevaluators.com/files/papers/CrashAnalysis.pdf

http://ubuntu.com/usn/usn-1056-1

http://www.debian.org/security/2010/dsa-2099

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

http://www.mandriva.com/security/advisories?name=MDVSA-2010:221

http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html

http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690

http://www.openwall.com/lists/oss-security/2010/08/11/1

http://www.openwall.com/lists/oss-security/2010/08/11/4

http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html

http://www.redhat.com/support/errata/RHSA-2010-0643.html

http://www.securitytracker.com/id?1024352

http://www.securitytracker.com/id?1024976

http://www.vupen.com/english/advisories/2010/2003

http://www.vupen.com/english/advisories/2010/2149

http://www.vupen.com/english/advisories/2010/2228

http://www.vupen.com/english/advisories/2010/2905

http://www.vupen.com/english/advisories/2011/0150

http://www.vupen.com/english/advisories/2011/0230

http://www.vupen.com/english/advisories/2011/0279

https://bugzilla.redhat.com/show_bug.cgi?id=622529

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063

Details

Source: MITRE

Published: 2010-08-25

Updated: 2017-09-19

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH