OpenOffice HSQLDB Java代码执行漏洞

admin
admin
admin
0
文章
0
评论
2022-07-19 10:08:29 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

OpenOffice HSQLDB Java代码执行漏洞

  • CNNVD编号:CNNVD-200712-060
  • 危害等级: 中危
  • CVE编号: CVE-2007-4575
  • 漏洞类型: 代码注入
  • 发布时间: 2007-12-05
  • 威胁类型: 远程
  • 更新时间: 2009-02-21
  • 厂        商: openoffice
  • 漏洞来源: OpenOffice.org

漏洞简介

OpenOffice(OOo)是美国阿帕奇(Apache)软件基金会的一款开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等。

OpenOffice的数据库引擎HSQLDB实现上存在漏洞,远程攻击者可能利用此漏洞执行任意Java代码。

OpenOffice所捆绑的默认数据库引擎HSQLDB在解析SQL查询时没有正确地强制安全限制,如果用户受骗打开了恶意数据库文档中并执行了其中所包含的特制SQL查询的话,就可能导致调用任意静态的Java方式。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

OpenOffice OpenOffice 2.2

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.1

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

Sun StarOffice 8.0

Sun Sun Patch ID 120184-12 (Linux)

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120184-12-1

Sun Sun Patch ID 120186-13 (x86)

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120186-13-1

Sun Sun Patch ID 120187-12 (Windows)

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120187-12-1

Sun StarSuite 8

Sun Sun Patch ID 120188-12 (Linux)

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120188-12-1

Sun Sun Patch ID 120190-13 (x86)

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120190-13-1

Sun Sun Patch ID 120191-12 (Windows)

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120191-12-1

OpenOffice OpenOffice 2.0 Beta

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.0.1

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.0.2

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.0.3

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.0.3 -1

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.0.4

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.2.1

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

OpenOffice OpenOffice 2.3

OpenOffice OpenOffice 2.3.1

http://download.openoffice.org/2.3.1/index.HTML?focus=download

参考网址

来源: BID

名称: 26703

链接:http://www.securityfocus.com/bid/26703

来源: www.openoffice.org

链接:http://www.openoffice.org/security/cves/CVE-2007-4575.HTML

来源: SECUNIA

名称: 27928

链接:http://secunia.com/advisories/27928

来源: FEDORA

名称: FEDORA-2007-4119

链接:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.HTML

来源: FEDORA

名称: FEDORA-2007-4171

链接:https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.HTML

来源: XF

名称: openoffice-hsqldb-code-execution(38882)

链接:http://xforce.iss.net/xforce/xfdb/38882

来源: UBUNTU

名称: USN-609-1

链接:http://www.ubuntu.com/usn/usn-609-1

来源: SECTRACK

名称: 1019041

链接:http://www.securitytracker.com/id?1019041

来源: REDHAT

名称: RHSA-2008:0213

链接:http://www.redhat.com/support/errata/RHSA-2008-0213.HTML

来源: REDHAT

名称: RHSA-2008:0158

链接:http://www.redhat.com/support/errata/RHSA-2008-0158.HTML

来源: REDHAT

名称: RHSA-2008:0151

链接:http://www.redhat.com/support/errata/RHSA-2008-0151.HTML

来源: REDHAT

名称: RHSA-2007:1090

链接:http://www.redhat.com/support/errata/RHSA-2007-1090.HTML

来源: REDHAT

名称: RHSA-2007:1048

链接:http://www.redhat.com/support/errata/RHSA-2007-1048.HTML

来源: FEDORA

名称: FEDORA-2007-762

链接:http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.HTML

来源: FEDORA

名称: FEDORA-2007-4172

链接:http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.HTML

来源: FEDORA

名称: FEDORA-2007-4120

链接:http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.HTML

来源: MANDRIVA

名称: MDVSA-2008:095

链接:http://www.mandriva.com/security/advisories?name=MDVSA-2008:095

来源: GENTOO

名称: GLSA-200712-25

链接:http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml

来源: VUPEN

名称: ADV-2007-4146

链接:http://www.frsirt.com/english/advisories/2007/4146

来源: VUPEN

名称: ADV-2007-4092

链接:http://www.frsirt.com/english/advisories/2007/4092

来源: DEBIAN

名称: DSA-1419

链接:http://www.debian.org/security/2007/dsa-1419

来源: SUNALERT

名称: 200637

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1

来源: SUNALERT

名称: 103141

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1

来源: SECUNIA

名称: 30100

链接:http://secunia.com/advisories/30100

来源: SECUNIA

名称: 28585

链接:http://secunia.com/advisories/28585

来源: SECUNIA

名称: 28286

链接:http://secunia.com/advisories/28286

来源: SECUNIA

名称: 28039

链接:http://secunia.com/advisories/28039

来源: SECUNIA

名称: 28018

链接:http://secunia.com/advisories/28018

来源: SECUNIA

名称: 27972

链接:http://secunia.com/advisories/27972

来源: SECUNIA

名称: 27931

链接:http://secunia.com/advisories/27931

来源: SECUNIA

名称: 27916

链接:http://secunia.com/advisories/27916

来源: SECUNIA

名称: 27914

链接:http://secunia.com/advisories/27914

来源: SUSE

名称: SUSE-SA:2007:067

链接:http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.HTML

来源: MISC

链接:http://bugs.gentoo.org/show_bug.cgi?id=201799

来源: MISC

链接:http://bugs.gentoo.org/show_bug.cgi?id=200771

来源:NSFOCUS 名称:11260 链接:http://www.nsfocus.net/vulndb/11260

受影响实体

  • Openoffice Openoffice:2.0.1  
  • Openoffice Openoffice:2.0.2  
  • Openoffice Openoffice:2.0.3  
  • Openoffice Openoffice:2.0.3_1  
  • Openoffice Openoffice:2.0.4  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0