Rapid7 Vulnerability & Exploit Database

SuSE: OpenOffice_org-zh-TW 1.1.1-23.6

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

SuSE: OpenOffice_org-zh-TW 1.1.1-23.6

Severity

CVSS

(AV:N/AC:H/Au:N/C:P/I:P/A:P)

Published

05/02/2005

Created

07/25/2018

Added

11/08/2005

Modified

11/18/2015

Description

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

Solution(s)

References

https://attackerkb.com/topics/cve-2005-0941
13092
CVE - 2005-0941
OVAL9106
RHSA-2005:375
http://www.novell.com/linux/download/updates/91_i386.html
http://www.openoffice.org/issues/show_bug.cgi?id=46388
http://www.securityfocus.com/archive/1/395516

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;