Signature Detail

HTTP: OpenOffice RTF File Parsing Heap Buffer Overflow

This signature detects attempts to exploit a known buffer overflow vulnerability in the OpenOffice RTF File. An attack targeting this can result in the injection and execution of code. If code execution is successful, the behavior of the target depends on the intention of the attacker. Any injected code is executed within the security context of the currently logged in user. In an unsuccessful attack, the affected product terminates resulting in the loss of any unsaved data from the current session.

Extended Description

OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Affected Products

• Avaya Interactive Response 2.0
• Debian Linux 3.1.0
• Debian Linux 3.1.0 Alpha
• Debian Linux 3.1.0 Amd64
• Debian Linux 3.1.0 Arm
• Debian Linux 3.1.0 Hppa
• Debian Linux 3.1.0 Ia-32
• Debian Linux 3.1.0 Ia-64
• Debian Linux 3.1.0 M68k
• Debian Linux 3.1.0 Mips
• Debian Linux 3.1.0 Mipsel
• Debian Linux 3.1.0 Ppc
• Debian Linux 3.1.0 S/390
• Debian Linux 3.1.0 Sparc
• Debian Linux 4.0
• Debian Linux 4.0 Alpha
• Debian Linux 4.0 Amd64
• Debian Linux 4.0 Arm
• Debian Linux 4.0 Hppa
• Debian Linux 4.0 Ia-32
• Debian Linux 4.0 Ia-64
• Debian Linux 4.0 M68k
• Debian Linux 4.0 Mips
• Debian Linux 4.0 Mipsel
• Debian Linux 4.0 Powerpc
• Debian Linux 4.0 S/390
• Debian Linux 4.0 Sparc
• Gentoo Linux
• Mandriva Corporate Server 3.0.0
• Mandriva Corporate Server 3.0.0 X86 64
• Mandriva Linux Mandrake 2007.0
• Mandriva Linux Mandrake 2007.0 X86 64
• Mandriva Linux Mandrake 2007.1
• Mandriva Linux Mandrake 2007.1 X86 64
• Novell Linux Desktop 9
• OpenOffice 2.0.0 Beta
• OpenOffice 2.0.1
• OpenOffice 2.0.2
• OpenOffice 2.0.3
• OpenOffice 2.0.3-1
• OpenOffice 2.0.4
• OpenOffice 2.1
• OpenOffice 2.2
• Red Hat Desktop 3.0.0
• Red Hat Desktop 4.0.0
• Red Hat Enterprise Linux AS 3
• Red Hat Enterprise Linux AS 4
• Red Hat Enterprise Linux Desktop 5 Client
• Red Hat Enterprise Linux ES 3
• Red Hat Enterprise Linux ES 4
• Red Hat Enterprise Linux Optional Productivity Application 5 Server
• Red Hat Enterprise Linux WS 3
• Red Hat Enterprise Linux WS 4
• Red Hat Fedora Core6
• rPath rPath Linux 1
• SGI ProPack 3.0.0 SP6
• Sun StarOffice 6.0
• Sun StarOffice 6.0 PP6
• Sun StarOffice 7.0.0
• Sun StarOffice 7.0 PP9
• Sun StarOffice 8.0
• Sun StarOffice 8 Update 6
• Sun StarOffice 8 Update 7
• Sun StarSuite 6
• Sun StarSuite 6 PP6
• Sun StarSuite 7
• Sun StarSuite 7 PP9
• Sun StarSuite 8
• Sun StarSuite 8 Update 6
• Sun StarSuite 8 Update 7
• SuSE Linux 10.1
• SuSE Linux Desktop 1.0
• SuSE openSUSE 10.2
• SuSE SUSE Linux Enterprise Desktop 10
• SuSE SUSE Linux Enterprise SDK 10
• Ubuntu Ubuntu Linux 6.06 LTS Amd64
• Ubuntu Ubuntu Linux 6.06 LTS I386
• Ubuntu Ubuntu Linux 6.06 LTS Powerpc
• Ubuntu Ubuntu Linux 6.06 LTS Sparc
• Ubuntu Ubuntu Linux 6.10 Amd64
• Ubuntu Ubuntu Linux 6.10 I386
• Ubuntu Ubuntu Linux 6.10 Powerpc
• Ubuntu Ubuntu Linux 6.10 Sparc
• Ubuntu Ubuntu Linux 7.04 Amd64
• Ubuntu Ubuntu Linux 7.04 I386
• Ubuntu Ubuntu Linux 7.04 Powerpc
• Ubuntu Ubuntu Linux 7.04 Sparc

References

• BugTraq: 24450
• CVE: CVE-2007-0245