CERTA-2007-AVI-135
Vulnerability from certfr_avis - Published: - Updated:
Plusieurs vulnérabilités dans libwpd permettent l'exécution de code arbitraire à distance.
Description
libwpd est une bibliothèque C++ qui permet le traitement des documents WordPerfect. Elle est utilisée notamment par OpenOffice depuis la version 2.0, par KOffice depuis la version 1.4 et par AbiWord depuis la version 2.2.
Plusieurs vulnérabilités ont été découvertes dans libwpd. Un attaquant peut, par le biais d'un document WordPerfect spécifiquement constitué, exécuter du code arbitraire à distance.
Solution
Mettre à jour libwpd en version 0.8.9.
libwpd versions 0.8.8 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003elibwpd\u003c/SPAN\u003e versions 0.8.8 et ant\u00e9rieures.\u003c/P\u003e",
"content": "## Description\n\nlibwpd est une biblioth\u00e8que C++ qui permet le traitement des documents\nWordPerfect. Elle est utilis\u00e9e notamment par OpenOffice depuis la\nversion 2.0, par KOffice depuis la version 1.4 et par AbiWord depuis la\nversion 2.2.\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans libwpd. Un attaquant\npeut, par le biais d\u0027un document WordPerfect sp\u00e9cifiquement constitu\u00e9,\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nMettre \u00e0 jour libwpd en version 0.8.9.\n",
"cves": [
{
"name": "CVE-2007-0002",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0002"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SA:2007:023 du 21 mars 2007 :",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html"
},
{
"title": "Site de libwpd :",
"url": "http://libwpd.sourceforge.net/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-437-1 du 19 mars 2007 :",
"url": "http://www.ubuntu.com/usn/usn-437-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1270 du 20 mars 2007 :",
"url": "http://www.debian.org/security/2007/dsa-1270"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1268 du 17 mars 2007 :",
"url": "http://www.debian.org/security/2007/dsa-1268"
}
],
"reference": "CERTA-2007-AVI-135",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-03-21T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Debian, SuSE, Ubuntu.",
"revision_date": "2007-03-27T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003elibwpd\u003c/span\u003e\npermettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans libwpd",
"vendor_advisories": [
{
"published_at": null,
"title": "Nouvelle du 16 mars 2007 sur le site de libwpd",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…