Vulnerability bulletin CVE-2010-2935 CVE-2010-2936
OpenOffice.org Impress: code execution
Synthesis of the vulnerability
An attacker can create a malicious OpenOffice.org Impress document and invite the victim to open it, in order to execute code on the victim's computer.
Impacted products: OpenOffice, Debian, MES, Mandriva Linux, NLD, OES, openSUSE, RHEL, SLES.
Severity: 3/4.
Creation date: 05/08/2010.
Identifiers: CERTA-2011-AVI-039, CERTA-2011-AVI-243, cpujan2011, CVE-2010-2935, CVE-2010-2936, DSA 2099-1, MDVSA-2010:221, openSUSE-SU-2010:0732-1, openSUSE-SU-2011:0336-1, openSUSE-SU-2011:0337-1, RHSA-2010:0643-01, SUSE-SR:2010:019, SUSE-SR:2010:024, SUSE-SR:2011:007, VIGILANCE-VUL-9813.
Description of the vulnerability
The OpenOffice.org Impress program is used to create presentations. It is impacted by two vulnerabilities:
A malicious document triggers an integer truncation, which corrupts memory. [severity:3/4; CERTA-2011-AVI-039, CERTA-2011-AVI-243, CVE-2010-2935]
A malicious document triggers an integer overflow, which corrupts memory. [severity:3/4; CVE-2010-2936]
An attacker can therefore create a malicious OpenOffice.org Impress document and invite the victim to open it, in order to execute code on the victim's computer.