Skip to content

Commit 4bf99d6

Browse files
committed
add: AVE-2007-0009
1 parent d609a1a commit 4bf99d6

1 file changed

Lines changed: 17 additions & 28 deletions

File tree

vulns/2007/AVE-2007-0009.toml

Lines changed: 17 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,25 @@
1-
[id]
2-
ave_id = "AVE-2007-0009"
3-
cve_id = "CVE-2007-4770"
4-
aliases = ["CVE-2007-4770", "CVE-2007-4771"]
5-
61
[basic]
7-
title = "OpenOffice.org ICU 库正则表达式反向引用越界内存访问漏洞"
8-
description = "International Components for Unicode (ICU) 库 3.8.1 及更早版本在处理正则表达式中对不存在的捕获组零(\\0)的反向引用时存在缺陷,导致 REStackFrames 数据结构损坏,可能允许攻击者通过特制的 ODF 文本文档(包含 XForms)实现堆溢出,从而触发越界内存读写并在目标系统上执行任意代码。该漏洞通过 OpenOffice.org 使用的第三方 ICU 库被触发,用户只需打开恶意文档即可被利用。"
9-
severity = "MEDIUM"
10-
score = 6.8
11-
cvss_v2 = "AV:N/AC:M/Au:N/C:P/I:P/A:P"
12-
remediation = "升级 OpenOffice.org 至 2.4 或更高版本;或升级 ICU 库至 3.8.1 之后的安全版本。各 Linux 发行版用户应安装对应安全更新(如 Debian DSA-1511-1、Red Hat RHSA-2008-0090、Ubuntu USN-591-1)。"
13-
published = "2008-01-28"
14-
updated = "2026-06-16"
2+
description = ""
3+
published = ""
4+
remediation = "Refer to vendor advisory and upgrade to fixed version."
5+
score = 0.0
6+
severity = "UNKNOWN"
157
sources = ["tenable"]
16-
17-
[affected]
18-
vendor = "Apache"
19-
product = "OpenOffice"
20-
21-
[references]
22-
nvd = "https://nvd.nist.gov/vuln/detail/CVE-2007-4770"
23-
openoffice = "https://www.openoffice.org/security/cves/CVE-2007-4770.html"
24-
redhat = "http://rhn.redhat.com/errata/RHSA-2008-0090.html"
25-
debian = "https://lists.debian.org/debian-security-announce/2008/msg00075.html"
26-
ubuntu = "https://ubuntu.com/security/notices/USN-591-1"
27-
opensuse = "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
8+
title = "CVE-2007-4770 漏洞"
9+
updated = ""
2810

2911
[exploit]
30-
poc_urls = []
3112
exp_urls = []
32-
nuclei_templates = []
13+
poc_urls = []
14+
15+
[id]
16+
aliases = ["CVE-2007-4770"]
17+
ave_id = "AVE-2007-0009"
18+
cve_id = "CVE-2007-4770"
3319

3420
[meta]
35-
collected_at = "2026-07-10T12:52:04Z"
21+
collected_at = "2026-07-11T00:08:49.200933098+00:00"
3622
status = "completed"
23+
24+
[references]
25+
urls = []

0 commit comments

Comments
 (0)