|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200510-17] AbiWord: New RTF import buffer overflows Vulnerability Scan
Vulnerability Scan Summary AbiWord: New RTF import buffer overflows
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200510-17
(AbiWord: New RTF import buffer overflows)
Chris Evans discovered a different set of buffer overflows than
the one described in GLSA 200509-20 in the RTF import function in
AbiWord.
Impact
A possible hacker could design a malicious RTF file and entice a user to
import it in AbiWord, potentially resulting in the execution of
arbitrary code with the rights of the user running AbiWord.
Workaround
There is no known workaround at this time.
References:
http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2972
Solution:
All AbiWord users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/abiword-2.2.11"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|