Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.

Chris Evans discovered a buffer overflow in the RTF importer of kword, a word processor for the KDE Office Suite that can lead to the execution of arbitrary code.

Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code.

The updated packages are patched to deal with these issues.

New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code.

The remote host is affected by the vulnerability described in GLSA-200510-12 (KOffice, KWord: RTF import buffer overflow)

    Chris Evans discovered that the KWord RTF importer was vulnerable     to a heap-based buffer overflow.
  Impact :

    An attacker could entice a user to open a specially crafted RTF     file, potentially resulting in the execution of arbitrary code with the     rights of the user running the affected application.
  Workaround :

    There is no known workaround at this time.

- Tue Oct 11 2005 Than Ngo <than at redhat.com>     4:1.4.2-0.FC3.2

    - remove security fix which is included in new 1.4.2       upstream

  - Thu Sep 29 2005 Than Ngo <than at redhat.com>     4:1.4.2-0.FC3.1

    - update to 1.4.2

    - apply upstream patch to fix CVE-2005-2971 kword buffer       overflow #169486

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
22738	Debian DSA-872-1 : koffice - buffer overflow	Nessus	Debian Local Security Checks	high
20618	Ubuntu 5.04 : koffice vulnerability (USN-202-1)	Nessus	Ubuntu Local Security Checks	high
20431	Mandrake Linux Security Advisory : koffice (MDKSA-2005:185)	Nessus	Mandriva Local Security Checks	high
20150	Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : KOffice/KWord (SSA:2005-310-02)	Nessus	Slackware Local Security Checks	high
20032	GLSA-200510-12 : KOffice, KWord: RTF import buffer overflow	Nessus	Gentoo Local Security Checks	high
20021	Fedora Core 3 : koffice-1.4.2-0.FC3.2 (2005-984)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2005-2971

high

Tenable Plugins

high

high

high

high

high

high