Openoffice

openoffice

Vendor: Openoffice • 16 CVEs

CVEs (16)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-2366 1Openoffice 1Openoffice Apr 23, 2026 Jun 16, 2008 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current...Show more Untrusted search path vulnerability in a certain Red Hat build script for OpenOffice.org (OOo) 1.1.x on Red Hat Enterprise Linux (RHEL) 3 and 4 allows local users to gain privileges via a malicious library in the current working directory, related to incorrect quoting of the ORIGIN symbol for use in the RPATH library path.Show less
CVE-2007-5745 1Openoffice 1Openoffice Apr 23, 2026 Apr 17, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute a...Show more Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records.Show less
CVE-2007-4575 1Openoffice 1Openoffice Apr 23, 2026 Dec 6, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."
CVE-2007-4251 1Openoffice 1Openoffice Apr 23, 2026 Aug 8, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.
CVE-2007-0245 1Openoffice 1Openoffice Apr 23, 2026 Jun 12, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable...Show more Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.Show less
CVE-2007-0239 1Openoffice 1Openoffice Apr 23, 2026 Mar 21, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
CVE-2007-0238 1Openoffice 1Openoffice Apr 23, 2026 Mar 21, 2007 N/A· v4 N/A· v3 9.3 HIGH· v2 Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code...Show more Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.Show less
CVE-2006-5870 2Openoffice Sun 2Openoffice Staroffice Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a)...Show more Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.Show less
CVE-2006-6628 1Openoffice 1Openoffice Apr 23, 2026 Dec 18, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CV...Show more Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.Show less
CVE-2006-3117 2Openoffice Sun 2Openoffice Staroffice Apr 16, 2026 Jun 30, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly h...Show more Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."Show less
CVE-2006-2199 2Openoffice Sun 2Openoffice Staroffice Apr 16, 2026 Jun 30, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via cert...Show more Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents.Show less
CVE-2006-2198 2Openoffice Sun 2Openoffice Staroffice Apr 16, 2026 Jun 30, 2006 N/A· v4 N/A· v3 7.6 HIGH· v2 OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed withou...Show more OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.Show less
CVE-2005-4636 1Openoffice 1Openoffice Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypass...Show more OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.Show less
CVE-2005-0941 1Openoffice 1Openoffice Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 5.1 MEDIUM· v2 The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial o...Show more The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.Show less
CVE-2004-0752 1Openoffice 1Openoffice Apr 16, 2026 Oct 20, 2004 N/A· v4 N/A· v3 2.1 LOW· v2 OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
CVE-2002-2210 1Openoffice 1Openoffice Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 6.2 MEDIUM· v2 The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.