New Search

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values but process memory using 32 bit values which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values which leads to a heap-based buffer overflow.

oval:org.mitre.oval:def:9106

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values but process memory using 32 bit values which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values which leads to a heap-based buffer overflow.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 3
  • CentOS Linux 4
  • Red Hat Enterprise Linux 4
  • Oracle Linux 4
  • CentOS Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2005-0941
Product(s):