For all users of the free OpenOffice suite please do upgrade to version 2.1
OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities
Secunia Advisory: SA23612
Release Date: 2007-01-04
Last Update: 2007-01-05
Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: OpenOffice 1.0.x
OpenOffice 1.1.x
OpenOffice.org 2.x
CVE reference: CVE-2006-5870 (Secunia mirror)
Description:
John Heasman has reported some vulnerabilities in OpenOffice, which can
be exploited by malicious people to compromise a user's system.
1) A truncation error within the handling of the META_ESCAPE record can
be exploited to cause a heap-based buffer overflow via a specially
crafted WMF/EMF file.
2) An integer overflow within the handling of EMR_POLYPOLYGON and
EMR_POLYPOLYGON16 records can be exploited to cause a heap-based buffer
overflow via a specially crafted WMF/EMF file.
Successful exploitation of the vulnerabilities allows execution of
arbitrary code and requires that a user is tricked into opening a
specially crafted WMF/EMF file or a specially crafted document.
The vulnerabilities are reported in OpenOffice prior to version 2.1.0.
Other versions may also be affected.
Solution:
Apply fixes or update to version 2.1.0.
http://www.openoffice.org/servlets/ReadMsg?list=releases&msgNo=10454
Provided and/or discovered by:
John Heasman, NGSSoftware
Changelog:
2007-01-05: Updated "Description" section to include additional
information on the vulnerability as well as affected products. Added
link to NGSSoftware.
Original Advisory:
NGSSoftware:
http://www.ngssoftware.com/advisories...nerabilities-in-the-openoffice-suite/
OpenOffice:
http://www.openoffice.org/issues/show_bug.cgi?id=70042
Other References:
http://archives.neohapsis.com/archives/vulnwatch/2007-q1/0002.html
HTH
Peter Kaulback
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================