HTTP: OpenOffice.org Microsoft Word File Processing sprmTDefTable Integer Underflow
An integer underflow vulnerability has been reported in OpenOffice. The vulnerability is due to an error in processing sprmTDefTable records in Microsoft Word files. A remote unauthenticated attacker could leverage this vulnerability by enticing a target user to open a malicious Microsoft Word file with a vulnerable version of the application. In a successful attack, it may result in a heap overflow leading to the possibility of code execution within the security context of the currently logged on user.
Extended Description
OpenOffice is prone to multiple remote code-execution vulnerabilities because of errors in processing certain files. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted files. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service. Versions prior to OpenOffice 3.2 are vulnerable.
Affected Products
Pardus linux_2009
Short Name
HTTP:STC:DL:WORD-SPRMDEFTABLE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-3301 File Integer Microsoft OpenOffice.org Processing Underflow Word bid:38218 sprmTDefTable
Release Date
10/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Red_hat
Suse
Sun
Openoffice
Pardus
Ubuntu
Mandriva
Debian
CVSS Score
9.3