HTTP: OpenOffice.org XPM File Processing Integer Overflow
This signature detects attempts to exploit a known integer overflow vulnerability has in OpenOffice. It is due to a boundary error when the XPMReader::ReadXPM function in xpmread.cxx in OpenOffice.org processes XPM files. A remote unauthenticated attacker can leverage this by enticing a target user to open a malicious XPM file with a vulnerable application. In a successful attack, it can result in a heap overflow leading to the possibility of code execution within the security context of the currently logged on user. In an unsuccessful attack, the target application can terminate abnormally.
Extended Description
OpenOffice is prone to multiple remote code-execution vulnerabilities because of errors in processing certain files. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted files. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service. Versions prior to OpenOffice 3.2 are vulnerable.
Affected Products
Pardus linux_2009
Short Name
HTTP:STC:DL:OO-XPMREAD-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-2949 File Integer OpenOffice.org Overflow Processing XPM bid:38218
Release Date
10/26/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Suse
Sun
Openoffice
Pardus
Ubuntu
Mandriva
Debian
CVSS Score
9.3