fwiw, I found one site where a poster was wondering why the act of
opening an Excel file would involve something that calls/impacts the
general operating system. It would appear that Excel is only being used
as a means to deliver the vulnerability and perhaps requires VBA? I
suppose the question might be whether OOo also calls msvcrt.memmove()?
I know I've read of flaws in FF that involved calls to some MS functions
or the MS rendering engine, so even though one could argue IE and FF are
different as night and day, the fact they are both running on an MS OS
might make a vulnerability common to both. So for OOo running on a
Windows system, is it possible it is calling the same thing that MSO
would call that triggers the vulnerability?
It does not sound like something that would impact OOo to me, but a)I am
merely an end user and b)I only run Linux so I'm not real concerned
about MS vulnerabilities(and thus, quite uninformed).
It does sound to me like this is the same vulnerability that was being
"sold" on eBay back in December. Does anyone know if that is correct?
Or does it just involve the same function?
HTH,
Jeff Causey
G. Roderick Singleton wrote:
On Wed, 2006-03-15 at 00:41 -0800, Robert Stemp wrote:
I am sure this will cause a slew of various anti-MS comments, and for
that I apologize. I am also not sure if this is the correct list for
this question but, does the new Excel vulnerability affect Calc as well?
I couldn't find any real details on it, but it looks like it can cause a
problem with memory handling (maybe?) specifically, msvcrt.memmove().
Anybody have thoughts on this, might this be a potential OOo issue?
I assume you are referring to
http://www.us-cert.gov/cas/techalerts/TA06-073A.html To the best of my
knowledge no. But why would you ask as OOo is as different from MSO as
night is from day?
