Title: wvWare Library Field.c WVHANDLEDATETIMEPICTURE Function Remote Buffer Overflow Vulnerability
Severity: HIGH
Description:
wvWare is a library which allows access to Microsoft Word files on Unix-based systems.
wvWare is reported to be prone to a remote buffer overflow vulnerability that may allow attackers to execute arbitrary code on a vulnerable system and gain unauthorized access.
The issue presents itself due to insufficient boundary checks performed by the 'wvHandleDateTimePicture' function in 'field.c'. Specifically, the 'DateTime' field can be used to trigger this issue. It is reported that the vulnerable code is triggered when an unknown 'token' or file is handled.
An attacker exploits this issue by crafting a malicious file that triggers it and sending the file to a vulnerable user. The buffer overflow condition may be triggered when the user opens this file in HTML mode using an application that employs the wvWare library. The size of the document used to exploit this issue must be a multiple of 4096 bytes, and the shellcode and return addresses must contain only ASCII characters.
Successful exploitation of this issue can allow a remote attacker to execute arbitrary code in the context of a vulnerable application.
This issue affects wvWare 0.7.4. Versions 0.7.5, 0.7.6 and 1.0.0 are also affected by a variant of this issue.
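The boundary check whose absence is described above, shown as an added example that is not wvWare's code: a date/time picture is translated into a strftime format with every append, including the unknown-token path, checked against the destination size. The function names, the token table and the simplified picture syntax are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Append src to dst (capacity cap, current length *len); refuse rather than overflow. */
static int append_bounded(char *dst, size_t cap, size_t *len, const char *src)
{
    size_t n = strlen(src);
    if (n >= cap - *len)              /* need n bytes plus the terminating NUL */
        return -1;
    memcpy(dst + *len, src, n + 1);
    *len += n;
    return 0;
}

/* Hypothetical, simplified picture tokens (constructed; not wvWare's table). */
static const struct { const char *tok; const char *fmt; } TOKENS[] = {
    { "yyyy", "%Y" }, { "MM", "%m" }, { "dd", "%d" },
    { "HH", "%H" },   { "mm", "%M" }, { "ss", "%S" },
};

/* Returns 0 on success, -1 if the translated format does not fit in out. */
int picture_to_strftime(const char *picture, char *out, size_t cap)
{
    size_t len = 0;
    if (cap == 0)
        return -1;
    out[0] = '\0';
    while (*picture) {
        size_t i, matched = 0;
        for (i = 0; i < sizeof TOKENS / sizeof TOKENS[0]; i++) {
            size_t tl = strlen(TOKENS[i].tok);
            if (strncmp(picture, TOKENS[i].tok, tl) == 0) {
                if (append_bounded(out, cap, &len, TOKENS[i].fmt) != 0)
                    return -1;
                picture += tl;
                matched = 1;
                break;
            }
        }
        if (!matched) {
            /* Unknown token: copied literally, '%' escaped, still bounds-checked. */
            char lit[3] = { *picture, '\0', '\0' };
            if (*picture == '%')
                lit[1] = '%';
            if (append_bounded(out, cap, &len, lit) != 0)
                return -1;
            picture++;
        }
    }
    return 0;
}
```

A caller should treat the -1 return as a parse failure for the field and not use the partially filled buffer.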
Affected Products:
- AbiSource Community AbiWord 0.99.5
- AbiSource Community AbiWord 1.0.2
- AbiSource Community AbiWord 1.0.4
- AbiSource Community AbiWord 2.0.3
- AbiSource Community AbiWord 2.0.4
- AbiSource Community AbiWord 2.0.5
- AbiSource Community AbiWord 2.0.6
- AbiSource Community AbiWord 2.0.7
- Conectiva Linux 10.0.0
- Debian Linux 3.0.0 alpha
- Debian Linux 3.0.0 arm
- Debian Linux 3.0.0 hppa
- Debian Linux 3.0.0 ia-32
- Debian Linux 3.0.0 ia-64
- Debian Linux 3.0.0 m68k
- Debian Linux 3.0.0 mips
- Debian Linux 3.0.0 mipsel
- Debian Linux 3.0.0 ppc
- Debian Linux 3.0.0 s/390
- Debian Linux 3.0.0 sparc
- RedHat Linux 7.3.0 i386
- RedHat Linux 9.0.0 i386
- S.u.S.E. Linux Personal 9.2.0
- wvWare wvWare 0.7.0
- wvWare wvWare 0.7.1
- wvWare wvWare 0.7.4
- wvWare wvWare 0.7.5
- wvWare wvWare 0.7.6
- wvWare wvWare 1.0.0
References:
- iDEFENSE: wvWare Library Buffer Overflow Vulnerability
- wvWare: wvWare Homepage