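Vulnerability Details
OpenOffice HSQLDB Java Code Execution Vulnerability
- CNNVD ID: CNNVD-200712-060
- Severity: Medium
- CVE ID: CVE-2007-4575
- Vulnerability type: Code injection
- Published: 2007-12-05
- Threat type: Remote
- Updated: 2009-02-21
- Vendor: openoffice
- Vulnerability source: OpenOffice.org
Vulnerability Summary
OpenOffice (OOo) is an open-source office software suite from the Apache Software Foundation (USA). The suite covers text documents, spreadsheets, presentations, drawings, databases, and more.
A flaw in the implementation of HSQLDB, the OpenOffice database engine, may allow a remote attacker to execute arbitrary Java code.
HSQLDB, the default database engine bundled with OpenOffice, does not correctly enforce security restrictions when parsing SQL queries. If a user is tricked into opening a malicious database document and running the specially crafted SQL queries it contains, arbitrary static Java methods can be invoked.
Vulnerability Advisory
The vendor has released upgrade patches that fix this security issue. Patch download links: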
OpenOffice OpenOffice 2.2
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.1
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
Sun StarOffice 8.0
Sun Sun Patch ID 120184-12 (Linux)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120184-12-1
Sun Sun Patch ID 120186-13 (x86)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120186-13-1
Sun Sun Patch ID 120187-12 (Windows)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120187-12-1
Sun StarSuite 8
Sun Sun Patch ID 120188-12 (Linux)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120188-12-1
Sun Sun Patch ID 120190-13 (x86)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120190-13-1
Sun Sun Patch ID 120191-12 (Windows)
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120191-12-1
OpenOffice OpenOffice 2.0 Beta
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.0.1
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.0.2
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.0.3
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.0.3 -1
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.0.4
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.2.1
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
OpenOffice OpenOffice 2.3
OpenOffice OpenOffice 2.3.1
http://download.openoffice.org/2.3.1/index.HTML?focus=download
References
Source: BID
Name: 26703
Link: http://www.securityfocus.com/bid/26703
Source: www.openoffice.org
Link: http://www.openoffice.org/security/cves/CVE-2007-4575.HTML
Source: SECUNIA
Name: 27928
Link: http://secunia.com/advisories/27928
Source: FEDORA
Name: FEDORA-2007-4119
Link: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.HTML
Source: FEDORA
Name: FEDORA-2007-4171
Link: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.HTML
Source: XF
Name: openoffice-hsqldb-code-execution(38882)
Link: http://xforce.iss.net/xforce/xfdb/38882
Source: UBUNTU
Name: USN-609-1
Link: http://www.ubuntu.com/usn/usn-609-1
Source: SECTRACK
Name: 1019041
Link: http://www.securitytracker.com/id?1019041
Source: REDHAT
Name: RHSA-2008:0213
Link: http://www.redhat.com/support/errata/RHSA-2008-0213.HTML
Source: REDHAT
Name: RHSA-2008:0158
Link: http://www.redhat.com/support/errata/RHSA-2008-0158.HTML
Source: REDHAT
Name: RHSA-2008:0151
Link: http://www.redhat.com/support/errata/RHSA-2008-0151.HTML
Source: REDHAT
Name: RHSA-2007:1090
Link: http://www.redhat.com/support/errata/RHSA-2007-1090.HTML
Source: REDHAT
Name: RHSA-2007:1048
Link: http://www.redhat.com/support/errata/RHSA-2007-1048.HTML
Source: FEDORA
Name: FEDORA-2007-762
Link: http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.HTML
Source: FEDORA
Name: FEDORA-2007-4172
Link: http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.HTML
Source: FEDORA
Name: FEDORA-2007-4120
Link: http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.HTML
Source: MANDRIVA
Name: MDVSA-2008:095
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:095
Source: GENTOO
Name: GLSA-200712-25
Link: http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml
Source: VUPEN
Name: ADV-2007-4146
Link: http://www.frsirt.com/english/advisories/2007/4146
Source: VUPEN
Name: ADV-2007-4092
Link: http://www.frsirt.com/english/advisories/2007/4092
Source: DEBIAN
Name: DSA-1419
Link: http://www.debian.org/security/2007/dsa-1419
Source: SUNALERT
Name: 200637
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1
Source: SUNALERT
Name: 103141
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1
Source: SECUNIA
Name: 30100
Link: http://secunia.com/advisories/30100
Source: SECUNIA
Name: 28585
Link: http://secunia.com/advisories/28585
Source: SECUNIA
Name: 28286
Link: http://secunia.com/advisories/28286
Source: SECUNIA
Name: 28039
Link: http://secunia.com/advisories/28039
Source: SECUNIA
Name: 28018
Link: http://secunia.com/advisories/28018
Source: SECUNIA
Name: 27972
Link: http://secunia.com/advisories/27972
Source: SECUNIA
Name: 27931
Link: http://secunia.com/advisories/27931
Source: SECUNIA
Name: 27916
Link: http://secunia.com/advisories/27916
Source: SECUNIA
Name: 27914
Link: http://secunia.com/advisories/27914
Source: SUSE
Name: SUSE-SA:2007:067
Link: http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.HTML
Source: MISC
Link: http://bugs.gentoo.org/show_bug.cgi?id=201799
Source: MISC
Link: http://bugs.gentoo.org/show_bug.cgi?id=200771
Source: NSFOCUS
Name: 11260
Link: http://www.nsfocus.net/vulndb/11260
Affected Entities
- Openoffice Openoffice:2.0.1
- Openoffice Openoffice:2.0.2
- Openoffice Openoffice:2.0.3
- Openoffice Openoffice:2.0.3_1
- Openoffice Openoffice:2.0.4
Patches
None available