vulnerability bulletin CVE-2010-2935 CVE-2010-2936
OpenOffice.org Impress: code execution
Synthesis of the vulnerability
An attacker can create a malicious OpenOffice.org Impress document, and invite the victim to open it, in order to execute code on his computer.Impacted products:
OpenOffice, Debian, MES, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES.
CERTA-2011-AVI-039, CERTA-2011-AVI-243, cpujan2011, CVE-2010-2935, CVE-2010-2936, DSA 2099-1, MDVSA-2010:221, openSUSE-SU-2010:0732-1, openSUSE-SU-2011:0336-1, openSUSE-SU-2011:0337-1, RHSA-2010:0643-01, SUSE-SR:2010:019, SUSE-SR:2010:024, SUSE-SR:2011:007, VIGILANCE-VUL-9813.
Description of the vulnerability
The OpenOffice.org Impress program is used to create presentations. It is impacted by two vulnerabilities.
A malicious document truncates an integer, which corrupts the memory. [severity:3/4; CERTA-2011-AVI-039, CERTA-2011-AVI-243, CVE-2010-2935]
A malicious document creates an integer overflow, which corrupts the memory. [severity:3/4; CVE-2010-2936]
An attacker can therefore create a malicious OpenOffice.org Impress document, and invite the victim to open it, in order to execute code on his computer.Complete Vigil@nce bulletin....
Share this bulletin
Computer vulnerabilities tracking service
Vigil@nce provides networks vulnerabilities bulletins
. The Vigil@nce vulnerability database contains several thousand vulnerabilities. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.