Signature Detail

HTTP: OpenOffice EMF File EMR_BITBLT Record Integer Overflow

This signature detects attempts to exploit a known vulnerability in OpenOffice. A successful attack can lead to a integer overflow and arbitrary remote code execution within the context of the user.

Extended Description

OpenOffice is prone to multiple remote heap-based buffer-overflow vulnerabilities because of errors in processing certain files. Remote attackers can exploit these issues by enticing victims into opening maliciously crafted ODF, Quattro Pro, EMF, or OLE files. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service. The issues affect OpenOffice 2 prior to 2.4. The OLE and EMF file issues also affect OpenOffice 1.1.

Affected Products

• Avaya interactive_response 2.0
• Avaya interactive_response 3.0
• Debian linux 3.1.0
• Debian linux 3.1.0 Alpha
• Debian linux 3.1.0 Amd64
• Debian linux 3.1.0 Arm
• Debian linux 3.1.0 Hppa
• Debian linux 3.1.0 Ia-32
• Debian linux 3.1.0 Ia-64
• Debian linux 3.1.0 M68k
• Debian linux 3.1.0 Mips
• Debian linux 3.1.0 Mipsel
• Debian linux 3.1.0 Ppc
• Debian linux 3.1.0 S/390
• Debian linux 3.1.0 Sparc
• Debian linux 4.0
• Debian linux 4.0 Alpha
• Debian linux 4.0 Amd64
• Debian linux 4.0 Arm
• Debian linux 4.0 Hppa
• Debian linux 4.0 Ia-32
• Debian linux 4.0 Ia-64
• Debian linux 4.0 M68k
• Debian linux 4.0 Mips
• Debian linux 4.0 Mipsel
• Debian linux 4.0 Powerpc
• Debian linux 4.0 S/390
• Debian linux 4.0 Sparc
• Gentoo linux
• Mandriva corporate_server 3.0.0
• Mandriva corporate_server 3.0.0 X86 64
• Mandriva linux_mandrake 2008.0
• Mandriva linux_mandrake 2008.0 X86 64
• Openoffice openoffice 1.0.1
• Openoffice openoffice 1.0.2
• Openoffice openoffice 1.0.3
• Openoffice openoffice 1.1.1
• Openoffice openoffice 1.1.2
• Openoffice openoffice 1.1.3
• Openoffice openoffice 1.1.4
• Openoffice openoffice 1.1.5
• Openoffice openoffice 1.1.51
• Openoffice openoffice 1.1.52
• Openoffice openoffice 2.0.0 Beta
• Openoffice openoffice 2.0.1
• Openoffice openoffice 2.0.2
• Openoffice openoffice 2.0.3
• Openoffice openoffice 2.0.3-1
• Openoffice openoffice 2.0.4
• Openoffice openoffice 2.1
• Openoffice openoffice 2.2
• Openoffice openoffice 2.2.0
• Openoffice openoffice 2.2.1
• Openoffice openoffice 2.3.0
• Openoffice openoffice 2.3.1
• Red_hat desktop 3.0.0
• Red_hat desktop 4.0.0
• Red_hat enterprise_linux_as 3
• Red_hat enterprise_linux_as 4
• Red_hat enterprise_linux_desktop 5 Client
• Red_hat enterprise_linux_es 3
• Red_hat enterprise_linux_es 4
• Red_hat enterprise_linux_optional_productivity_application 5 Server
• Red_hat enterprise_linux_ws 3
• Red_hat enterprise_linux_ws 4
• Red_hat fedora 7
• Red_hat fedora 8
• Sun staroffice 7.0.0
• Sun staroffice 7.0 PP10
• Sun staroffice 7.0 PP9
• Sun staroffice 8.0
• Sun staroffice 8 Update 6
• Sun staroffice 8 Update 7
• Suse linux 10.1 Ppc
• Suse linux 10.1 X86
• Suse linux 10.1 X86-64
• Suse novell_linux_desktop 9.0.0
• Suse opensuse 10.2
• Suse opensuse 10.3
• Suse suse_linux_enterprise_desktop 10 SP1
• Suse suse_linux_enterprise_sdk 10.SP1
• Ubuntu ubuntu_linux 6.06 LTS Amd64
• Ubuntu ubuntu_linux 6.06 LTS I386
• Ubuntu ubuntu_linux 6.06 LTS Powerpc
• Ubuntu ubuntu_linux 6.06 LTS Sparc
• Ubuntu ubuntu_linux 7.04 Amd64
• Ubuntu ubuntu_linux 7.04 I386
• Ubuntu ubuntu_linux 7.04 Powerpc
• Ubuntu ubuntu_linux 7.04 Sparc
• Ubuntu ubuntu_linux 7.10 Amd64
• Ubuntu ubuntu_linux 7.10 I386
• Ubuntu ubuntu_linux 7.10 Lpia
• Ubuntu ubuntu_linux 7.10 Powerpc
• Ubuntu ubuntu_linux 7.10 Sparc

References

• BugTraq: 28819
• CVE: CVE-2007-5746