Signature Detail

HTTP: Multiple Vendor libwpd WP3TablesGroup Heap Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in open source WordPerfect Document Importer/Exporter (libwpd) library. It is due to improper boundary check when processing crafted WordPerfect documents. An attacker can exploit this vulnerability by persuading a victim to open a specially crafted WordPerfect (WPD) document. Successful exploitation of this vulnerability may lead to arbitrary code execution in the context of the currently logged in user. In an attack scenario, where arbitrary code is attempted to be injected and executed on the target machine, the behaviour of the target is dependent on the intention of the malicious code. If such an attack fails to execute successfully, the application using the vulnerable component may terminate as a result of the exploitation.

Extended Description

The libwpd library is prone to multiple buffer-overflow vulnerabilities because it fails to adequately check boundaries on user-supplied input. A successful exploit could let a remote attacker execute arbitrary code in the context of an application using the affected library. This issue affects libwpd 0.8.7; other versions prior to 0.8.9 may also be affected.

Affected Products

• Debian linux 3.1.0
• Debian linux 3.1.0 Alpha
• Debian linux 3.1.0 Amd64
• Debian linux 3.1.0 Arm
• Debian linux 3.1.0 Hppa
• Debian linux 3.1.0 Ia-32
• Debian linux 3.1.0 Ia-64
• Debian linux 3.1.0 M68k
• Debian linux 3.1.0 Mips
• Debian linux 3.1.0 Mipsel
• Debian linux 3.1.0 Ppc
• Debian linux 3.1.0 S/390
• Debian linux 3.1.0 Sparc
• Debian linux 4.0
• Debian linux 4.0 Alpha
• Debian linux 4.0 Amd64
• Debian linux 4.0 Arm
• Debian linux 4.0 Hppa
• Debian linux 4.0 Ia-32
• Debian linux 4.0 Ia-64
• Debian linux 4.0 M68k
• Debian linux 4.0 Mips
• Debian linux 4.0 Mipsel
• Debian linux 4.0 Powerpc
• Debian linux 4.0 S/390
• Debian linux 4.0 Sparc
• Foresight_linux foresight_linux 1.1
• Gentoo app-office/openoffice 2.0.3
• Gentoo app-office/openoffice-bin 2.1.0
• Gentoo linux
• Libwpd libwpd_library 0.8.2
• Libwpd libwpd_library 0.8.6
• Libwpd libwpd_library 0.8.7
• Libwpd libwpd_library 0.8 8-0.8.6
• Mandriva linux_mandrake 2007.0
• Mandriva linux_mandrake 2007.0 X86 64
• Pardus linux 2007.1
• Red_hat desktop 3.0.0
• Red_hat desktop 4.0.0
• Red_hat enterprise_linux_as 3
• Red_hat enterprise_linux_as 4
• Red_hat enterprise_linux_desktop 5 Client
• Red_hat enterprise_linux_desktop_workstation 5 Client
• Red_hat enterprise_linux_es 3
• Red_hat enterprise_linux_es 4
• Red_hat enterprise_linux_optional_productivity_application 5 Server
• Red_hat enterprise_linux_ws 3
• Red_hat enterprise_linux_ws 4
• Red_hat fedora Core5
• Red_hat fedora Core6
• Rpath rpath_linux 1
• Sgi propack 3.0.0 SP6
• Slackware linux 10.2.0
• Slackware linux 11.0
• Sun staroffice 8.0
• Sun starsuite 8
• Suse linux 10.0 X86
• Suse linux 10.1 Ppc
• Suse linux 10.1 X86
• Suse linux 10.1 X86-64
• Suse linux 9.3 X86
• Suse linux_desktop 1.0.0
• Suse novell_linux_desktop 9.0.0
• Suse opensuse 10.2
• Suse suse_linux_enterprise_desktop 10
• Suse suse_linux_enterprise_sdk 10
• Turbolinux fuji
• Ubuntu ubuntu_linux 5.10.0 Amd64
• Ubuntu ubuntu_linux 5.10.0 I386
• Ubuntu ubuntu_linux 5.10.0 Powerpc
• Ubuntu ubuntu_linux 5.10.0 Sparc
• Ubuntu ubuntu_linux 6.06 LTS Amd64
• Ubuntu ubuntu_linux 6.06 LTS I386
• Ubuntu ubuntu_linux 6.06 LTS Powerpc
• Ubuntu ubuntu_linux 6.06 LTS Sparc
• Ubuntu ubuntu_linux 6.10 Amd64
• Ubuntu ubuntu_linux 6.10 I386
• Ubuntu ubuntu_linux 6.10 Powerpc
• Ubuntu ubuntu_linux 6.10 Sparc

References

• BugTraq: 23006
• CVE: CVE-2007-0002