Openoffice: >> Openoffice >> 1.0.1 Security Vulnerabilities
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.
CVSS Score
4.6
EPSS Score
0.001
Published
2005-12-31
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
CVSS Score
5.1
EPSS Score
0.028
Published
2005-05-02
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
CVSS Score
6.2
EPSS Score
0.001
Published
2002-12-31