Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-0002

Disclosure Date: March 16, 2007
CVE-2007-0002
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • libwpd

Products

  • libwpd library,
  • libwpd library 0.8.2,
  • libwpd library 0.8.6,
  • libwpd library 0.8.7

References

Canonical
CVE-2007-0002 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0002)
BID-23006 (http://www.securityfocus.com/bid/23006)
Advisory
SUNALERT-102863 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102863-1)
ADV-2007-1339 (http://www.vupen.com/english/advisories/2007/1339)
FEDORA-2007-350 (http://fedoranews.org/cms/node/2805)
SECUNIA-24573 (http://secunia.com/advisories/24573)
GLSA-200704-12 (http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml)
SECUNIA-24588 (http://secunia.com/advisories/24588)
SECUNIA-24581 (http://secunia.com/advisories/24581)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11535
GLSA-200704-07 (http://security.gentoo.org/glsa/glsa-200704-07.xml)
http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
ADV-2007-1032 (http://www.vupen.com/english/advisories/2007/1032)
SECUNIA-24613 (http://secunia.com/advisories/24613)
SECUNIA-24794 (http://secunia.com/advisories/24794)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:064
SECUNIA-24465 (http://secunia.com/advisories/24465)
http://sourceforge.net/project/shownotes.php?release_id=494122
DSA-1268 (http://www.debian.org/security/2007/dsa-1268)
SECUNIA-24507 (http://secunia.com/advisories/24507)
SECUNIA-24557 (http://secunia.com/advisories/24557)
20070316 rPSA-2007-0057-1 libwpd (http://www.securityfocus.com/archive/1/463033/100/0/threaded)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:063
SECUNIA-24591 (http://secunia.com/advisories/24591)
SECUNIA-24580 (http://secunia.com/advisories/24580)
DSA-1270 (http://www.debian.org/security/2007/dsa-1270)
USN-437-1 (http://www.ubuntu.com/usn/usn-437-1)
SECUNIA-24572 (http://secunia.com/advisories/24572)
SECUNIA-24593 (http://secunia.com/advisories/24593)
ADV-2007-0976 (http://www.vupen.com/english/advisories/2007/0976)
SECTRACK-1017789 (http://www.securitytracker.com/id?1017789)
http://www.redhat.com/support/errata/RHSA-2007-0055.html
SECUNIA-24906 (http://secunia.com/advisories/24906)
SECUNIA-24856 (http://secunia.com/advisories/24856)
Miscellaneous
20070316 Multiple Vendor libwpd Multiple Buffer Overflow Vulnerabilities (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490)
SSA-2007-085-02 (http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.399659)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis