Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-2334

Disclosure Date: June 19, 2012
CVE-2012-2334
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Integer overflow in filter/source/msfilter/msdffimp.cxx in OpenOffice.org (OOo) 3.3, 3.4 Beta, and possibly earlier, and LibreOffice before 3.5.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the length of an Escher graphics record in a PowerPoint (.ppt) document, which triggers a buffer overflow.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apache,
  • libreoffice

Products

  • libreoffice,
  • libreoffice 3.3.0,
  • libreoffice 3.3.1,
  • libreoffice 3.3.2,
  • libreoffice 3.3.3,
  • libreoffice 3.3.4,
  • libreoffice 3.4.0,
  • libreoffice 3.4.1,
  • libreoffice 3.4.2,
  • libreoffice 3.4.5,
  • libreoffice 3.5,
  • openoffice.org 3.3,
  • openoffice.org 3.4

References

Canonical
CVE-2012-2334 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2334)
BID-53570 (http://www.securityfocus.com/bid/53570)
Advisory
SECUNIA-60799 (http://secunia.com/advisories/60799)
GLSA-201408-19 (http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:090
20120516 CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0 (http://archives.neohapsis.com/archives/bugtraq/2012-05/0091.html)
http://cgit.freedesktop.org/libreoffice/core/commit?id=512401decb286ba0fc3031939b8f7de8649c502e
FEDORA-2012-8114 (http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082168.html)
[oss-security] 20120528 Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification (http://www.openwall.com/lists/oss-security/2012/05/28/2)
SECTRACK-1027070 (http://securitytracker.com/id?1027070)
http://www.libreoffice.org/advisories/cve-2012-2334
DSA-2487 (http://www.debian.org/security/2012/dsa-2487)
SECUNIA-46992 (http://secunia.com/advisories/46992)
http://cgit.freedesktop.org/libreoffice/core/commit?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da
SECUNIA-47244 (http://secunia.com/advisories/47244)
XF-openoffice-powerpoint-dos(75695) (https://exchange.xforce.ibmcloud.com/vulnerabilities/75695)
SECUNIA-49392 (http://secunia.com/advisories/49392)
SECUNIA-49373 (http://secunia.com/advisories/49373)
http://rhn.redhat.com/errata/RHSA-2012-0705.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:091
http://www.openoffice.org/security/cves/CVE-2012-2334.html
OSVDB-82517 (http://www.osvdb.org/82517)
Miscellaneous
https://bugzilla.redhat.com/show_bug.cgi?id=821803
https://access.redhat.com/errata/RHSA-2012:0705
http://cgit.freedesktop.org/libreoffice/core/commit/?id=28a6558f9d3ca2dda3191f8b5b3f2378ee2533da
http://cgit.freedesktop.org/libreoffice/core/commit/?id=512401decb286ba0fc3031939b8f7de8649c502e
http://www.libreoffice.org/advisories/cve-2012-2334/
https://access.redhat.com/security/cve/CVE-2012-2334

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis