Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2007-2834

Disclosure Date: September 18, 2007
CVE-2007-2834
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apache,
  • canonical,
  • debian,
  • sun

Products

  • debian linux 3.1,
  • debian linux 4.0,
  • openoffice,
  • staroffice 6.0,
  • staroffice 7.0,
  • staroffice 8.0,
  • starsuite,
  • ubuntu linux 6.06,
  • ubuntu linux 6.10,
  • ubuntu linux 7.04

References

Canonical
CVE-2007-2834 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2834)
BID-25690 (http://www.securityfocus.com/bid/25690)
Advisory
SUNALERT-200190 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1)
http://bugs.gentoo.org/show_bug.cgi?id=192818
SECUNIA-26816 (http://secunia.com/advisories/26816)
SECUNIA-26839 (http://secunia.com/advisories/26839)
USN-524-1 (http://www.ubuntu.com/usn/usn-524-1)
https://issues.rpath.com/browse/RPL-1740
SECUNIA-26855 (http://secunia.com/advisories/26855)
SECTRACK-1018702 (http://securitytracker.com/id?1018702)
SUNALERT-102994 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1)
http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html
SECUNIA-26903 (http://secunia.com/advisories/26903)
GLSA-200710-24 (http://security.gentoo.org/glsa/glsa-200710-24.xml)
SECUNIA-27370 (http://secunia.com/advisories/27370)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:186
ADV-2007-3262 (http://www.vupen.com/english/advisories/2007/3262)
http://www.openoffice.org/security/cves/CVE-2007-2834.html
FEDORA-2007-700 (http://fedoranews.org/updates/FEDORA-2007-700.shtml)
http://www.redhat.com/support/errata/RHSA-2007-0848.html
SECUNIA-26844 (http://secunia.com/advisories/26844)
SECUNIA-26891 (http://secunia.com/advisories/26891)
20070919 FLEA-2007-0056-1 openoffice.org (http://www.securityfocus.com/archive/1/479965/100/0/threaded)
SECUNIA-27087 (http://secunia.com/advisories/27087)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967
ADV-2007-3184 (http://www.vupen.com/english/advisories/2007/3184)
SECUNIA-26861 (http://secunia.com/advisories/26861)
SECUNIA-26817 (http://secunia.com/advisories/26817)
DSA-1375 (http://www.debian.org/security/2007/dsa-1375)
XF-openoffice-tiff-bo(36656) (https://exchange.xforce.ibmcloud.com/vulnerabilities/36656)
SECUNIA-26912 (http://secunia.com/advisories/26912)
SECUNIA-27077 (http://secunia.com/advisories/27077)
FEDORA-2007-2372 (http://fedoranews.org/updates/FEDORA-2007-237.shtml)
Miscellaneous
20070917 Multiple Vendor OpenOffice TIFF File Parsing Multiple Integer Overflow Vulnerabilities (http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis