Info

Disclosure

Oct 13, 2005

Discovery

Oct 02, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

Multiple remote overflows exist in AbiWord. The 'ParseLevelText()', 'getCharsInsideBrace()', 'HandleLists()', and 'HandleAbiLists()' functions in 'ie_imp_RTF.cpp' fail to perform proper bounds checking resulting in multiple stack-based buffer overflows. With a specially crafted RTF file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Dom Lachowicz	AbiWord	2.4.0
		2.2.10

References

Bugtraq ID: 15096
Secunia Advisory ID: 17199 17200 17213 17264 17551
CVE ID: 2005-2972 (see also: NVD)
Keyword: CESA-2005-006
Other Advisory URL: http://scary.beasts.org/security/CESA-2005-006.txt
http://www.ubuntu.com/usn/usn-203-1
Vendor URL: http://www.abisource.com/
Vendor Specific Solution URL: http://www.abisource.com/changelogs/2.4.1.phtml
Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-894
http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml

Credit

Chris Evans - scarybeastsgmail.com -

Direct URL: http://osvdb.org/20015

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Dom Lachowicz

AbiWord

References

Credit