AbiWord Buffer Overflow in RTF Importer May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1014982
|
|
SecurityTracker URL: http://securitytracker.com/id?1014982
|
|
CVE Reference: CVE-2005-2964
(Links to External Site)
|
Updated: Jun 15 2008
|
Original Entry Date: Sep 28 2005
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 2.2.10
|
Description: A vulnerability was reported in AbiWord. A remote user may be able to cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted RTF file that, when imported by the target user, will trigger a stack overflow and execute
arbitrary code on the target user's system. The code will run with the privileges of the target user.
Chris Evans discovered
this vulnerability.
|
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system with the privileges of the target user.
|
Solution: The vendor has issued a fixed version (2.2.10), available at:
http://www.abisource.com/download/
|
Vendor URL: www.abisource.com/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 28 Sep 2005 03:17:54 -0400
Subject: AbiWord vulnerability
|
> AbiWord v2.2.10 Released
>
> This release fixes a security issue in the RTF importer that was reported to us. All
> users are advised to upgrade.
>
> The changes from 2.2.9 to 2.2.10 include, amongst others:
>
> * Fix security bug: AbiWord RTF import stack-based buffer overflow / CESA-2005-004 - rev 1
|
|
