File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1- [id ]
2- ave_id = " AVE-2007-0009"
3- cve_id = " CVE-2007-4770"
4- aliases = [" CVE-2007-4770" , " CVE-2007-4771" ]
5-
61[basic ]
7- title = " OpenOffice.org ICU 库正则表达式反向引用越界内存访问漏洞"
8- description = " International Components for Unicode (ICU) 库 3.8.1 及更早版本在处理正则表达式中对不存在的捕获组零(\\ 0)的反向引用时存在缺陷,导致 REStackFrames 数据结构损坏,可能允许攻击者通过特制的 ODF 文本文档(包含 XForms)实现堆溢出,从而触发越界内存读写并在目标系统上执行任意代码。该漏洞通过 OpenOffice.org 使用的第三方 ICU 库被触发,用户只需打开恶意文档即可被利用。"
9- severity = " MEDIUM"
10- score = 6.8
11- cvss_v2 = " AV:N/AC:M/Au:N/C:P/I:P/A:P"
12- remediation = " 升级 OpenOffice.org 至 2.4 或更高版本;或升级 ICU 库至 3.8.1 之后的安全版本。各 Linux 发行版用户应安装对应安全更新(如 Debian DSA-1511-1、Red Hat RHSA-2008-0090、Ubuntu USN-591-1)。"
13- published = " 2008-01-28"
14- updated = " 2026-06-16"
2+ description = " "
3+ published = " "
4+ remediation = " Refer to vendor advisory and upgrade to fixed version."
5+ score = 0.0
6+ severity = " UNKNOWN"
157sources = [" tenable" ]
16-
17- [affected ]
18- vendor = " Apache"
19- product = " OpenOffice"
20-
21- [references ]
22- nvd = " https://nvd.nist.gov/vuln/detail/CVE-2007-4770"
23- openoffice = " https://www.openoffice.org/security/cves/CVE-2007-4770.html"
24- redhat = " http://rhn.redhat.com/errata/RHSA-2008-0090.html"
25- debian = " https://lists.debian.org/debian-security-announce/2008/msg00075.html"
26- ubuntu = " https://ubuntu.com/security/notices/USN-591-1"
27- opensuse = " http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html"
8+ title = " CVE-2007-4770 漏洞"
9+ updated = " "
2810
2911[exploit ]
30- poc_urls = []
3112exp_urls = []
32- nuclei_templates = []
13+ poc_urls = []
14+
15+ [id ]
16+ aliases = [" CVE-2007-4770" ]
17+ ave_id = " AVE-2007-0009"
18+ cve_id = " CVE-2007-4770"
3319
3420[meta ]
35- collected_at = " 2026-07-10T12:52:04Z "
21+ collected_at = " 2026-07-11T00:08:49.200933098+00:00 "
3622status = " completed"
23+
24+ [references ]
25+ urls = []
You can’t perform that action at this time.
0 commit comments