Heap-based Buffer Overflow in Microsoft Import Filter for KOffice
CVE-2012-3455

Currently unrated

Key Information:

Vendor

Kde

Status
Koffice
Vendor
CVE Published:
20 August 2012

What is CVE-2012-3455?

A vulnerability exists in the Microsoft import filter for KOffice that allows remote attackers to exploit a heap-based buffer overflow via a specially crafted ODF style within an ODF document. Successful exploitation can lead to application crashes or even arbitrary code execution, thereby compromising system integrity. Users of KOffice 2.3.3 and earlier are particularly at risk due to this flaw, as it can be triggered by opening malicious documents. This vulnerability is closely related to another identified issue, reflecting the shared codebase of Calligra and KOffice.

References

http://secunia.com/advisories/50199
third-party-advisoryx_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2012/08/10/1
mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2012/08/06/6
mailing-listx_refsource_MLIST

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.