close
Pourquoi s'enregistré ... Pour bénéficié de plein d'avantage, plus l'accès à des partis du site qui ne sont accessible qu'aux membres. L'inscription n'est pas une obligation.

       
Mot de passe oublié?    Identifiant oublié?    Créer un compte

Si toute fois vous avez envies de vous inscrire, donner une adresse e-mail valide, car il vous seras envoyer un mail de confirmation d'ouverture de compte. Merci.
Top Panel
Login
Top Panel

Pin-Up

Recherche Google

Publicité

MDVSA-2010:221: openoffice.org PDF Imprimer Envoyer
(0 Votes)
Écrit par Administrator   
Samedi, 06 Novembre 2010 00:00
Multiple vulnerabilities was discovered and corrected in the
OpenOffice.org:

Integer overflow allows remote attackers to execute arbitrary code
via a crafted XPM file that triggers a heap-based buffer overflow
(CVE-2009-2949).

Heap-based buffer overflow allows remote attackers to cause a denial
of service (application crash) or possibly execute arbitrary code
via a crafted GIF file, related to LZW decompression (CVE-2009-2950).

Integer underflow allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
a crafted sprmTDefTable table property modifier in a Word document
(CVE-2009-3301).

boundary error flaw allows remote attackers to cause a denial of
service (application crash) or possibly execute arbitrary code via
a crafted sprmTSetBrc table property modifier in a Word document
(CVE-2009-3302).

Lack of properly enforcing Visual Basic for Applications (VBA) macro
security settings, which allows remote attackers to run arbitrary
macros via a crafted document (CVE-2010-0136).

User-assisted remote attackers are able to bypass Python macro
security restrictions and execute arbitrary Python code via a crafted
OpenDocument Text (ODT) file that triggers code execution when the
macro directory structure is previewed (CVE-2010-0395).

Impress module does not properly handle integer values associated
with dictionary property items, which allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted PowerPoint document that triggers a
heap-based buffer overflow, related to an integer truncation error
(CVE-2010-2935).

Integer overflow in the Impress allows remote attackers to cause a
denial of service (application crash) or possibly execute arbitrary
code via crafted polygons in a PowerPoint document that triggers a
heap-based buffer overflow (CVE-2010-2936).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides OpenOffice.org packages have been patched to
correct these issues and additional dependent packages.

Lire la suite...
Submit to Delicious Submit to Facebook Submit to Google Bookmarks Submit to Technorati Submit to Twitter Submit to LinkedIn

 

Ajouter un Commentaire


Code de sécurité
Rafraîchir

maps.amung.us

www.geo-loc.com

Publicité

Browse the web faster with Firefox