9.3

CVE-2010-2935

simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenofficeOpenoffice.Org Version3.2.1
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.09% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/60799
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
http://www.vupen.com/english/advisories/2010/2905
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://secunia.com/advisories/40775
Vendor Advisory
http://secunia.com/advisories/41052
Vendor Advisory
http://secunia.com/advisories/41235
http://secunia.com/advisories/42927
http://secunia.com/advisories/43105
http://ubuntu.com/usn/usn-1056-1
http://www.debian.org/security/2010/dsa-2099
http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
http://www.openwall.com/lists/oss-security/2010/08/11/1
http://www.openwall.com/lists/oss-security/2010/08/11/4
http://www.redhat.com/support/errata/RHSA-2010-0643.html
http://www.securitytracker.com/id?1024352
http://www.securitytracker.com/id?1024976
http://www.vupen.com/english/advisories/2010/2003
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2149
Vendor Advisory
http://www.vupen.com/english/advisories/2010/2228
http://www.vupen.com/english/advisories/2011/0150
http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2011/0279
https://bugzilla.redhat.com/show_bug.cgi?id=622529
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063