CVE-2005-2972

Sažetak

Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.

Reference

http://scary.beasts.org/security/CESA-2005-006.txt
http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml
http://www.abisource.com/changelogs/2.2.11.phtml
http://www.securityfocus.com/bid/15096
http://www.osvdb.org/20015
http://secunia.com/advisories/17199
http://www.debian.org/security/2005/dsa-894
http://secunia.com/advisories/17200
http://secunia.com/advisories/17213
http://secunia.com/advisories/17264
http://secunia.com/advisories/17551
http://www.vupen.com/english/advisories/2005/2086
https://usn.ubuntu.com/203-1/
http://www.mail-archive.com/debian-bugs-rc%40lists.debian.org/msg28251.html

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

07-11-2023 - 01:57

Objavljeno

23-10-2005 - 10:02