The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x prior to 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache openoffice |
||
debian debian linux 5.0 |
||
canonical ubuntu linux 10.10 |
||
debian debian linux 6.0 |
||
canonical ubuntu linux 9.10 |
||
canonical ubuntu linux 8.04 |
||
canonical ubuntu linux 10.04 |