Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5746

Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.

Published

2008-04-17T19:05:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	openoffice	openoffice.org	2.0.3	Yes
Application	openoffice	openoffice.org	2.1	Yes
Application	openoffice	openoffice.org	2.2	Yes
Application	openoffice	openoffice.org	2.2.1	Yes
Application	openoffice	openoffice.org	2.3	Yes
Application	openoffice	openoffice.org	2.3.1	Yes

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692 ([email protected])
http://secunia.com/advisories/29844 Vendor Advisory ([email protected])
http://secunia.com/advisories/29852 Vendor Advisory ([email protected])
http://secunia.com/advisories/29864 Vendor Advisory ([email protected])
http://secunia.com/advisories/29871 Vendor Advisory ([email protected])
http://secunia.com/advisories/29910 Vendor Advisory ([email protected])
http://secunia.com/advisories/29913 Vendor Advisory ([email protected])
http://secunia.com/advisories/29987 Vendor Advisory ([email protected])
http://secunia.com/advisories/30100 Vendor Advisory ([email protected])
http://secunia.com/advisories/30179 Vendor Advisory ([email protected])
http://security.gentoo.org/glsa/glsa-200805-16.xml ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231661-1 ([email protected])
http://www.debian.org/security/2008/dsa-1547 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:090 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:095 ([email protected])
http://www.novell.com/linux/security/advisories/2008_23_openoffice.html ([email protected])
http://www.openoffice.org/security/bulletin.html ([email protected])
http://www.openoffice.org/security/cves/CVE-2007-4770.html ([email protected])
http://www.openoffice.org/security/cves/CVE-2007-5745.html ([email protected])
http://www.openoffice.org/security/cves/CVE-2007-5746.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0175.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0176.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/28819 ([email protected])
http://www.securitytracker.com/id?1019892 ([email protected])
http://www.ubuntu.com/usn/usn-609-1 ([email protected])
http://www.vupen.com/english/advisories/2008/1253/references Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/1375/references Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/41861 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10249 ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00448.html ([email protected])
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29844 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29852 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29864 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29871 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29910 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29913 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29987 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30100 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30179 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-200805-16.xml (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231661-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1547 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:090 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:095 (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2008_23_openoffice.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openoffice.org/security/bulletin.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openoffice.org/security/cves/CVE-2007-4770.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openoffice.org/security/cves/CVE-2007-5745.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openoffice.org/security/cves/CVE-2007-5746.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0175.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0176.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/28819 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1019892 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-609-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1253/references Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1375/references Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41861 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10249 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00448.html (af854a3a-2127-422b-91ae-364da2661108)