CVE-2005-2964 - OpenCVE

Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Abisource	Community Abiword

Configuration 1 [-]

cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/16982
http://secunia.com/advisories/16990
http://secunia.com/advisories/17012
http://secunia.com/advisories/17052
http://secunia.com/advisories/17070
http://secunia.com/advisories/17215
http://secunia.com/advisories/17551
http://securitytracker.com/id?1014982
http://www.abiword.org/release-notes/2.2.10.phtml	Patch
http://www.debian.org/security/2005/dsa-894
http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml
http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml
http://www.novell.com/linux/security/advisories/2005_23_sr.html
http://www.osvdb.org/19717
http://www.securityfocus.com/bid/14971
http://www.ubuntu.com/usn/usn-188-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/22454

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2005-09-28T04:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-09-19T00:00:00

Link: CVE-2005-2964

JSON object: View

NVD Information

Status : Modified

Published: 2005-09-28T21:03:00.000

Modified: 2017-07-11T01:33:03.830

Link: CVE-2005-2964

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-09-28T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "USN-188-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-188-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.abiword.org/release-notes/2.2.10.phtml"}, {"name": "1014982", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014982"}, {"name": "GLSA-200509-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml"}, {"name": "DSA-894", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-894"}, {"name": "14971", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14971"}, {"name": "17551", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17551"}, {"name": "17052", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17052"}, {"name": "abiword-rtf-importer-bo(22454)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22454"}, {"name": "GLSA-200510-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml"}, {"name": "17070", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17070"}, {"name": "16982", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16982"}, {"name": "19717", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/19717"}, {"name": "17215", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17215"}, {"name": "16990", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16990"}, {"name": "SUSE-SR:2005:023", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"}, {"name": "17012", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17012"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2005-2964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-188-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-188-1"}, {"name": "http://www.abiword.org/release-notes/2.2.10.phtml", "refsource": "CONFIRM", "url": "http://www.abiword.org/release-notes/2.2.10.phtml"}, {"name": "1014982", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014982"}, {"name": "GLSA-200509-20", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml"}, {"name": "DSA-894", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-894"}, {"name": "14971", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14971"}, {"name": "17551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17551"}, {"name": "17052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17052"}, {"name": "abiword-rtf-importer-bo(22454)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22454"}, {"name": "GLSA-200510-04", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml"}, {"name": "17070", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17070"}, {"name": "16982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16982"}, {"name": "19717", "refsource": "OSVDB", "url": "http://www.osvdb.org/19717"}, {"name": "17215", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17215"}, {"name": "16990", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16990"}, {"name": "SUSE-SR:2005:023", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"}, {"name": "17012", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17012"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2005-2964", "datePublished": "2005-09-28T04:00:00", "dateReserved": "2005-09-19T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*", "matchCriteriaId": "F69988CA-4C52-416E-A4E2-D645516B772C", "versionEndIncluding": "2.2.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism."}], "id": "CVE-2005-2964", "lastModified": "2017-07-11T01:33:03.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-09-28T21:03:00.000", "references": [{"source": "security@debian.org", "url": "http://secunia.com/advisories/16982"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/16990"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/17012"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/17052"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/17070"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/17215"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/17551"}, {"source": "security@debian.org", "url": "http://securitytracker.com/id?1014982"}, {"source": "security@debian.org", "tags": ["Patch"], "url": "http://www.abiword.org/release-notes/2.2.10.phtml"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2005/dsa-894"}, {"source": "security@debian.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml"}, {"source": "security@debian.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml"}, {"source": "security@debian.org", "url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html"}, {"source": "security@debian.org", "url": "http://www.osvdb.org/19717"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/14971"}, {"source": "security@debian.org", "url": "http://www.ubuntu.com/usn/usn-188-1"}, {"source": "security@debian.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22454"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}