|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200509-20] AbiWord: RTF import stack-based buffer overflow Vulnerability Scan
Vulnerability Scan Summary AbiWord: RTF import stack-based buffer overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200509-20
(AbiWord: RTF import stack-based buffer overflow)
Chris Evans discovered that the RTF import function in AbiWord is
vulnerable to a stack-based buffer overflow.
Impact
A possible hacker could design a malicious RTF file and entice the user
to import it in AbiWord, potentially resulting in the execution of
arbitrary code with the rights of the user running AbiWord.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2964
Solution:
All AbiWord users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/abiword-2.2.10"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|