Info

Disclosure

Sep 29, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local buffer overflow exists in Abiword. The RTF importer fails to properly bound check user-supplied data resulting in a stack buffer overflow. With a specially crafted RTF file, an attacker can execute arbitrary code resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.2.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

AbiSource Community	AbiWord	2.2.9
		2.2.8
		2.2.7
		2.2.6
		2.2.5
		2.2.4
		2.2.3
		2.2.2
		2.2.1
		2.2.0
		2.0.12
		2.0.11
		2.0.10
		2.0.9
		2.0.8
		2.0.7
		2.0.5
		2.0.4
		2.0.3
		2.0.2
		2.0.1

References

Security Tracker: 1014982
Bugtraq ID: 14971
Secunia Advisory ID: 16982 16990 17012 17052 17215 17551
CVE ID: 2005-2964 (see also: NVD)
Other Advisory URL: http://www.abisource.com/changelogs/2.2.10.phtml
http://www.ubuntu.com/usn/usn-188-1
Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-894
http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml

Credit

Chris Evans - chrisscary.beasts.org -

Direct URL: http://osvdb.org/19717

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

AbiSource Community

AbiWord

References

Credit