Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:DL:OPENOFFICE-TIFF-OF

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 OpenOffice TIFF File Parsing Integer Overflow

Release Date

 2011/07/21

Update Number

 1959

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: OpenOffice TIFF File Parsing Integer Overflow


This signature detects attempts to exploit a known vulnerability in OpenOffice TIFF File Parsing Library. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Extended Description

OpenOffice is prone to multiple remote integer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Remote attackers may exploit these issues by enticing victims into opening maliciously crafted TIFF files. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Affected Products

  • Debian Linux 3.1.0
  • Debian Linux 3.1.0 Alpha
  • Debian Linux 3.1.0 Amd64
  • Debian Linux 3.1.0 Arm
  • Debian Linux 3.1.0 Hppa
  • Debian Linux 3.1.0 Ia-32
  • Debian Linux 3.1.0 Ia-64
  • Debian Linux 3.1.0 M68k
  • Debian Linux 3.1.0 Mips
  • Debian Linux 3.1.0 Mipsel
  • Debian Linux 3.1.0 Ppc
  • Debian Linux 3.1.0 S/390
  • Debian Linux 3.1.0 Sparc
  • Debian Linux 4.0
  • Debian Linux 4.0 Alpha
  • Debian Linux 4.0 Amd64
  • Debian Linux 4.0 Arm
  • Debian Linux 4.0 Hppa
  • Debian Linux 4.0 Ia-32
  • Debian Linux 4.0 Ia-64
  • Debian Linux 4.0 M68k
  • Debian Linux 4.0 Mips
  • Debian Linux 4.0 Mipsel
  • Debian Linux 4.0 Powerpc
  • Debian Linux 4.0 S/390
  • Debian Linux 4.0 Sparc
  • Foresight Linux 1.1
  • Gentoo Linux
  • Mandriva Corporate Server 3.0.0
  • Mandriva Corporate Server 3.0.0 X86 64
  • Mandriva Linux Mandrake 2007.0
  • Mandriva Linux Mandrake 2007.0 X86 64
  • Mandriva Linux Mandrake 2007.1
  • Mandriva Linux Mandrake 2007.1 X86 64
  • OpenOffice 1.1.3
  • OpenOffice 2.0.4
  • OpenOffice 2.2.1
  • Red Hat Desktop 3.0.0
  • Red Hat Desktop 4.0.0
  • Red Hat Enterprise Linux AS 3
  • Red Hat Enterprise Linux AS 4
  • Red Hat Enterprise Linux Desktop 5 Client
  • Red Hat Enterprise Linux ES 3
  • Red Hat Enterprise Linux ES 4
  • Red Hat Enterprise Linux WS 3
  • Red Hat Enterprise Linux WS 4
  • Red Hat Fedora Core6
  • Red Hat Fedora Core7
  • rPath rPath Linux 1
  • Sun StarOffice 6.0
  • Sun StarOffice 7.0.0
  • Sun StarOffice 8.0
  • Sun StarSuite 6
  • Sun StarSuite 7
  • Sun StarSuite 8
  • SuSE Linux 10.0
  • SuSE Linux 10.1
  • SuSE Linux Desktop 1.0
  • SuSE openSUSE 10.2
  • Ubuntu Ubuntu Linux 6.06 LTS Amd64
  • Ubuntu Ubuntu Linux 6.06 LTS I386
  • Ubuntu Ubuntu Linux 6.06 LTS Powerpc
  • Ubuntu Ubuntu Linux 6.06 LTS Sparc
  • Ubuntu Ubuntu Linux 6.10 Amd64
  • Ubuntu Ubuntu Linux 6.10 I386
  • Ubuntu Ubuntu Linux 6.10 Powerpc
  • Ubuntu Ubuntu Linux 6.10 Sparc
  • Ubuntu Ubuntu Linux 7.04 Amd64
  • Ubuntu Ubuntu Linux 7.04 I386
  • Ubuntu Ubuntu Linux 7.04 Powerpc
  • Ubuntu Ubuntu Linux 7.04 Sparc

References

  • BugTraq: 25690
  • CVE: CVE-2007-2834

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out