Integer overflow in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an EMF file with a crafted EMR_STRETCHBLT record, which triggers a heap-based buffer overflow.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openoffice.org | Openoffice | 2.0.3 (including) | 2.0.3 (including) |
Openoffice.org | Openoffice | 2.1 (including) | 2.1 (including) |
Openoffice.org | Openoffice | 2.2 (including) | 2.2 (including) |
Openoffice.org | Openoffice | 2.2.1 (including) | 2.2.1 (including) |
Openoffice.org | Openoffice | 2.3 (including) | 2.3 (including) |
Openoffice.org | Openoffice | 2.3.1 (including) | 2.3.1 (including) |