CVE-2012-2149 - OpenCVE

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Enterprise Linux Desktop Enterprise Linux Optional Productivity Applications
Apache	Openoffice.org
Libwpd	Libwpd

Configuration 1 [-]

OR	cpe:2.3:a:redhat:enterprise_linux__optional_productivity_applications::::::::
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:apache:openoffice.org::beta_1::::::*
	cpe:2.3:a:apache:openoffice.org:3.3:::::::*
	cpe:2.3:a:libwpd:libwpd:0.8.8:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html
http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html	Exploit Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2012-1043.html	Third Party Advisory
http://secunia.com/advisories/46992	Vendor Advisory
http://secunia.com/advisories/60799	Third Party Advisory VDB Entry
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.openoffice.org/security/cves/CVE-2012-2149.html	Vendor Advisory
http://www.securityfocus.com/bid/53570	Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1027069	Third Party Advisory VDB Entry
https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-06-21T15:00:00

Updated: 2014-10-20T13:57:00

Reserved: 2012-04-04T00:00:00

Link: CVE-2012-2149

JSON object: View

NVD Information

Status : Modified

Published: 2012-06-21T15:55:12.520

Modified: 2023-11-07T02:10:24.890

Link: CVE-2012-2149

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-16T00:00:00", "descriptions": [{"lang": "en", "value": "The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-10-20T13:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "60799", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60799"}, {"name": "GLSA-201408-19", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"}, {"name": "1027069", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1027069"}, {"name": "RHSA-2012:1043", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1043.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt"}, {"name": "20120516 CVE-2012-2149 OpenOffice.org memory overwrite vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html"}, {"name": "53570", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/53570"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openoffice.org/security/cves/CVE-2012-2149.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html"}, {"name": "46992", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/46992"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2149", "datePublished": "2012-06-21T15:00:00", "dateReserved": "2012-04-04T00:00:00", "dateUpdated": "2014-10-20T13:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_linux__optional_productivity_applications:*:*:*:*:*:*:*:*", "matchCriteriaId": "0AE81184-0A55-4090-A875-E9C5A8DCA457", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:openoffice.org:*:beta_1:*:*:*:*:*:*", "matchCriteriaId": "0BE63595-AD04-4521-98A9-6880BAF266AF", "versionEndIncluding": "3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:*", "matchCriteriaId": "3E6F3D98-01D4-4A3C-A166-6BA96F46A77C", "vulnerable": true}, {"criteria": "cpe:2.3:a:libwpd:libwpd:0.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "462A6CFF-E27B-461C-956A-A18F91B662DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow."}, {"lang": "es", "value": "La funci\u00f3n WPXContentListener::_closeTableRow en WPXContentListener.cpp en libwpd v0.8.8, tal y como es usado por OpenOffice.org (OOo) antes de v3.4, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento WordPerfect .WPD debidamente modificado, que provoca que se use un \u00edndice de matriz negativa. NOTA: algunas fuentes informan de este tema como un desbordamiento de enteros."}], "id": "CVE-2012-2149", "lastModified": "2023-11-07T02:10:24.890", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-06-21T15:55:12.520", "references": [{"source": "secalert@redhat.com", "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1043.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/46992"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://secunia.com/advisories/60799"}, {"source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.openoffice.org/security/cves/CVE-2012-2149.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/53570"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1027069"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}