PCWorks: OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities

Fri, 05 Jan 2007 09:09:01 -0800 

For all users of the free OpenOffice suite please do upgrade to version 2.1

OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities
Secunia Advisory:       SA23612
Release Date:   2007-01-04
Last Update:    2007-01-05

Critical:
Highly critical
Impact:         System access
Where:  From remote
Solution Status:        Vendor Patch

Software:       OpenOffice 1.0.x
OpenOffice 1.1.x
OpenOffice.org 2.x

CVE reference:  CVE-2006-5870 (Secunia mirror)

        


Description:
John Heasman has reported some vulnerabilities in OpenOffice, which can be exploited by malicious people to compromise a user's system.
1) A truncation error within the handling of the META_ESCAPE record can be exploited to cause a heap-based buffer overflow via a specially crafted WMF/EMF file.
2) An integer overflow within the handling of EMR_POLYPOLYGON and EMR_POLYPOLYGON16 records can be exploited to cause a heap-based buffer overflow via a specially crafted WMF/EMF file.
Successful exploitation of the vulnerabilities allows execution of arbitrary code and requires that a user is tricked into opening a specially crafted WMF/EMF file or a specially crafted document.
The vulnerabilities are reported in OpenOffice prior to version 2.1.0. Other versions may also be affected. 

Solution:
Apply fixes or update to version 2.1.0.
http://www.openoffice.org/servlets/ReadMsg?list=releases&msgNo=10454

Provided and/or discovered by:
John Heasman, NGSSoftware

Changelog:
2007-01-05: Updated "Description" section to include additional information on the vulnerability as well as affected products. Added link to NGSSoftware. 

Original Advisory:
NGSSoftware:
http://www.ngssoftware.com/advisories...nerabilities-in-the-openoffice-suite/

OpenOffice:
http://www.openoffice.org/issues/show_bug.cgi?id=70042

Other References:
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.html


HTH

Peter Kaulback
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================

Reply via email to