CVE-2005-2972 - OpenCVE

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Abisource	Community Abiword

Configuration 1 [-]

cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*

References

Link	Resource
http://scary.beasts.org/security/CESA-2005-006.txt	Exploit Vendor Advisory
http://secunia.com/advisories/17199	Vendor Advisory
http://secunia.com/advisories/17200	Vendor Advisory
http://secunia.com/advisories/17213	Vendor Advisory
http://secunia.com/advisories/17264	Vendor Advisory
http://secunia.com/advisories/17551	Vendor Advisory
http://www.abisource.com/changelogs/2.2.11.phtml
http://www.debian.org/security/2005/dsa-894
http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml	Patch Vendor Advisory
http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html
http://www.osvdb.org/20015
http://www.securityfocus.com/bid/15096
http://www.vupen.com/english/advisories/2005/2086	Vendor Advisory
https://usn.ubuntu.com/203-1/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2005-10-23T04:00:00

Updated: 2018-10-03T20:57:01

Reserved: 2005-09-19T00:00:00

Link: CVE-2005-2972

JSON object: View

NVD Information

Status : Modified

Published: 2005-10-23T10:02:00.000

Modified: 2023-11-07T01:57:44.553

Link: CVE-2005-2972

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-10-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "20015", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/20015"}, {"name": "ADV-2005-2086", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2005/2086"}, {"name": "17199", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17199"}, {"name": "DSA-894", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-894"}, {"name": "USN-203-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/203-1/"}, {"name": "17551", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17551"}, {"name": "17264", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17264"}, {"tags": ["x_refsource_MISC"], "url": "http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.abisource.com/changelogs/2.2.11.phtml"}, {"name": "17213", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17213"}, {"tags": ["x_refsource_MISC"], "url": "http://scary.beasts.org/security/CESA-2005-006.txt"}, {"name": "15096", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/15096"}, {"name": "GLSA-200510-17", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"}, {"name": "17200", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/17200"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2005-2972", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20015", "refsource": "OSVDB", "url": "http://www.osvdb.org/20015"}, {"name": "ADV-2005-2086", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2086"}, {"name": "17199", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17199"}, {"name": "DSA-894", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-894"}, {"name": "USN-203-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/203-1/"}, {"name": "17551", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17551"}, {"name": "17264", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17264"}, {"name": "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html", "refsource": "MISC", "url": "http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html"}, {"name": "http://www.abisource.com/changelogs/2.2.11.phtml", "refsource": "CONFIRM", "url": "http://www.abisource.com/changelogs/2.2.11.phtml"}, {"name": "17213", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17213"}, {"name": "http://scary.beasts.org/security/CESA-2005-006.txt", "refsource": "MISC", "url": "http://scary.beasts.org/security/CESA-2005-006.txt"}, {"name": "15096", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15096"}, {"name": "GLSA-200510-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"}, {"name": "17200", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17200"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-2972", "datePublished": "2005-10-23T04:00:00", "dateReserved": "2005-09-19T00:00:00", "dateUpdated": "2018-10-03T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:abisource:community_abiword:*:*:*:*:*:*:*:*", "matchCriteriaId": "576159E7-70BC-45EB-8F7A-E60809AD1CE3", "versionEndIncluding": "2.2.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964."}], "id": "CVE-2005-2972", "lastModified": "2023-11-07T01:57:44.553", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2005-10-23T10:02:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Exploit", "Vendor Advisory"], "url": "http://scary.beasts.org/security/CESA-2005-006.txt"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17199"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17200"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17213"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17264"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/17551"}, {"source": "secalert@redhat.com", "url": "http://www.abisource.com/changelogs/2.2.11.phtml"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2005/dsa-894"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/20015"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15096"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2005/2086"}, {"source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/203-1/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}