CVE-2007-4575

Published: 06/12/2007 Updated: 29/09/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

HSQLDB prior to 1.8.0.9, as used in OpenOffice.org (OOo) 2 prior to 2.3.1, allows user-assisted remote malicious users to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."

Vulnerable Products

Vendor: openoffice, Product: openoffice
Affected versions listed: 2.0beta, 2.0.1, 2.0.2, 2.0.3, 2.0.3_1, 2.0.4, 2.1, 2.2, 2.2.1, plus one entry with no version specified

Vendor Advisories

Debian Bug report logs - #454463 openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files. Package: openoffice.org; Maintainer for openoffice.org is (unknown); Reported by: Nico Golde <nion@debian.org>; Date: Wed, 5 Dec 2007 12:51:19 UTC; Severity: grave; Tags: security; Found in versions ...

It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges (CVE-2007-4575) ...

References

CWE: CWE-94

http://www.openoffice.org/security/cves/CVE-2007-4575.html
http://www.securityfocus.com/bid/26703
http://secunia.com/advisories/27928
http://www.debian.org/security/2007/dsa-1419
http://www.redhat.com/support/errata/RHSA-2007-1048.html
http://www.redhat.com/support/errata/RHSA-2007-1090.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1
http://www.securitytracker.com/id?1019041
http://secunia.com/advisories/27914
http://secunia.com/advisories/27916
http://secunia.com/advisories/27931
http://secunia.com/advisories/28018
http://bugs.gentoo.org/show_bug.cgi?id=200771
http://bugs.gentoo.org/show_bug.cgi?id=201799
http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml
http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html
http://secunia.com/advisories/28039
http://secunia.com/advisories/28286
http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html
http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html
http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html
http://secunia.com/advisories/27972
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html
https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html
http://secunia.com/advisories/28585
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1
http://www.redhat.com/support/errata/RHSA-2008-0158.html
http://www.redhat.com/support/errata/RHSA-2008-0151.html
http://www.redhat.com/support/errata/RHSA-2008-0213.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:095
http://www.ubuntu.com/usn/usn-609-1
http://secunia.com/advisories/30100
http://www.vupen.com/english/advisories/2007/4146
http://www.vupen.com/english/advisories/2007/4092
https://exchange.xforce.ibmcloud.com/vulnerabilities/38882
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454463
https://usn.ubuntu.com/609-1/
https://nvd.nist.gov