• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AbiWord Stack-Based Buffer Overflow Vulnerabilities

AbiWord is susceptible to multiple stack-based buffer-overflow vulnerabilities; fixes are available. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer while importing RTF files.

These issues likely allow attackers to execute arbitrary machine code in the context of the user running the affected application.

Though similar to the vulnerability described in BID 14971 (AbiWord RTF File Processing Buffer Overflow Vulnerability), these vulnerabilities constitute a separate issue.