Bug 527556 (CVE-2009-3569, CVE-2009-3570, CVE-2009-3571) - CVE-2009-3569, CVE-2009-3570, CVE-2009-3571 openoffice.org: multiple reported vulnerabilities in OOo
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: CVE-2009-3569, CVE-2009-3570, CVE-2009-3571
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2009-10-06 22:08 UTC by Vincent Danen
Modified: 2019-09-29 12:32 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-21 19:20:14 UTC
Embargoed:


Description Vincent Danen 2009-10-06 22:08:59 UTC
Multiple vulnerabilities were reported against OpenOffice.org; the original report indicates the affected platform is Windows but without any evidence to substantiate that, we cannot claim this does not affect us.


Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3569 to
the following vulnerability:

Name: CVE-2009-3569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3569
Assigned: 20091006
Reference: MISC: http://intevydis.com/vd-list.shtml
Reference: BID:36285
Reference: URL: http://www.securityfocus.com/bid/36285
Reference: SECTRACK:1022832
Reference: URL: http://www.securitytracker.com/id?1022832

Stack-based buffer overflow in OpenOffice.org (OOo) allows remote
attackers to execute arbitrary code via unspecified vectors, as
demonstrated by a certain module in VulnDisco Pack Professional 8.8,
aka "Client-side stack overflow exploit." NOTE: as of 20091005, this
disclosure has no actionable information. However, because the
VulnDisco Pack author is a reliable researcher, the issue is being
assigned a CVE identifier for tracking purposes.



Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3570 to
the following vulnerability:

Name: CVE-2009-3570
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3570
Assigned: 20091006
Reference: MISC: http://intevydis.com/vd-list.shtml
Reference: BID:36285
Reference: URL: http://www.securityfocus.com/bid/36285
Reference: SECTRACK:1022828
Reference: URL: http://www.securitytracker.com/id?1022828

Unspecified vulnerability in OpenOffice.org (OOo) has unspecified
impact and remote attack vectors, as demonstrated by a certain module
in VulnDisco Pack Professional 8.9.  NOTE: as of 200901005, this
disclosure has no actionable information. However, because the
VulnDisco Pack author is a reliable researcher, the issue is being
assigned a CVE identifier for tracking purposes.



Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3571 to
the following vulnerability:

Name: CVE-2009-3571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3571
Assigned: 20091006
Reference: MISC: http://intevydis.com/vd-list.shtml
Reference: BID:36285
Reference: URL: http://www.securityfocus.com/bid/36285
Reference: SECTRACK:1022832
Reference: URL: http://www.securitytracker.com/id?1022832

Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact
and client-side attack vector, as demonstrated by a certain module in
VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as
of 200901005, this disclosure has no actionable information. However,
because the VulnDisco Pack author is a reliable researcher, the issue
is being assigned a CVE identifier for tracking purposes.

Comment 1 Vincent Danen 2010-03-09 20:12:48 UTC
There is currently still no information on these vulnerabilities available.

Comment 2 Vincent Danen 2010-12-21 19:20:14 UTC
There is still no actionable information on this and nothing from upstream regarding it, so it's not possible to know whether these are legitimate vulnerabilities or not.

If we don't know what the problem is, we can't fix it, and this has been open for over a year with no information coming forward anywhere (and no other vendors have found/obtained any information here either).
