FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Calligra, KOffice -- input validation failure

Affected packages
koffice <= 1.6.3_18,2
koffice-kde4 <= 2.3.3_7
calligra < 2.5.0

Details

VuXML ID aa4d3d73-ef17-11e1-b593-00269ef07d24
Discovery 2012-08-10
Entry 2012-08-26

KDE Security Advisory reports:

A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf.

References

CVE Name CVE-2012-3455
CVE Name CVE-2012-3456
URL http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf
URL http://www.kde.org/info/security/advisory-20120810-1.txt