CVE-2012-2149

Published: Jun 21, 2012Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The WPXContentListener::_closeTableRow function in WPXContentListener.cpp in libwpd 0.8.8, as used by OpenOffice.org (OOo) before 3.4, allows remote attackers to execute arbitrary code via a crafted Wordperfect .WPD document that causes a negative array index to be used. NOTE: some sources report this issue as an integer overflow.

Affected (5)

Products: Redhat: Enterprise Linux Optional Productivity Applications, Enterprise Linux Desktop · Apache: Openoffice.org · Libwpd: Libwpd

2 products

Enterprise Linux Optional Productivity Applications

Enterprise Linux Desktop

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Optional Productivity Applications	All versions
Redhat Enterprise Linux Desktop	Version 5.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Apache Openoffice.org	Up to 3.4
Apache Openoffice.org	Version 3.3
Libwpd Libwpd	Version 0.8.8

Related CWEs

References (20)

http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html

Source: secalert@redhat.com

http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html

Source: secalert@redhat.com

ExploitThird Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2012-1043.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/46992

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/60799

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

Source: secalert@redhat.com

http://www.openoffice.org/security/cves/CVE-2012-2149.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securityfocus.com/bid/53570

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1027069

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt

Source: secalert@redhat.com

Exploit

http://archives.neohapsis.com/archives/bugtraq/2012-05/0090.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.org/files/112862/libwpd-WPXContentListener-_closeTableRow-Memory-Overwrite.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2012-1043.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/46992

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/60799

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openoffice.org/security/cves/CVE-2012-2149.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/53570

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1027069

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.sec-consult.com/files/20120518-0_openoffice_memory_overwrite.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.