Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:221)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities was discovered and corrected in the
OpenOffice.org :

Integer overflow allows remote attackers to execute arbitrary code via
a crafted XPM file that triggers a heap-based buffer overflow
(CVE-2009-2949).

Heap-based buffer overflow allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via
a crafted GIF file, related to LZW decompression (CVE-2009-2950).

Integer underflow allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
sprmTDefTable table property modifier in a Word document
(CVE-2009-3301).

boundary error flaw allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via a
crafted sprmTSetBrc table property modifier in a Word document
(CVE-2009-3302).

Lack of properly enforcing Visual Basic for Applications (VBA) macro
security settings, which allows remote attackers to run arbitrary
macros via a crafted document (CVE-2010-0136).

User-assisted remote attackers are able to bypass Python macro
security restrictions and execute arbitrary Python code via a crafted
OpenDocument Text (ODT) file that triggers code execution when the
macro directory structure is previewed (CVE-2010-0395).

Impress module does not properly handle integer values associated with
dictionary property items, which allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via a crafted PowerPoint document that triggers a heap-based
buffer overflow, related to an integer truncation error
(CVE-2010-2935).

Integer overflow in the Impress allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via crafted polygons in a PowerPoint document that triggers a
heap-based buffer overflow (CVE-2010-2936).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=4
90

This update provides OpenOffice.org packages have been patched to
correct these issues and additional dependent packages.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 50503 ()

Bugtraq ID: 38218
38245
40599
42202

CVE ID: CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302
CVE-2010-0136
CVE-2010-0395
CVE-2010-2935
CVE-2010-2936

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now