OpenOffice.org Multiple Vulnerabilities

Secunia Advisory: SA24588
Release Date: 2007-03-21
Last Update: 2007-04-05
Popularity: 13,500 views
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Partial Fix
Software: OpenOffice 1.0.x, OpenOffice 1.1.x, OpenOffice.org 2.x
CVE reference: CVE-2007-0002, CVE-2007-0238, CVE-2007-0239

Description: Some vulnerabilities have been reported in OpenOffice.org, which potentially can be exploited by malicious people to compromise a user's system.
1) Several vulnerabilities within the libwpd library used by OpenOffice.org can be exploited to cause heap-based buffer overflows and may allow the execution of arbitrary code by e.g. tricking a user into opening a specially crafted WordPerfect document.
This affects 2.x versions prior to 2.2 only.
For more information:
SA24507
2) A boundary error within the StarCalc parser can be exploited to cause a stack-based buffer overflow and may allow execution of arbitrary code by e.g. tricking a user into opening a specially crafted document.
3) Shell meta characters are not correctly escaped, which can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into opening a specially crafted document and clicking a malicious link.
Reportedly, this does not affect Windows systems.
Solution: Update to version 2.2 or apply patches.
Provided and/or discovered by: 1) Originally discovered by an anonymous researcher. Further research by Sean Larsson from iDefense revealed additional vulnerabilities.
2) John Heasman, Next Generation Security.
3) Reported in a Debian advisory.
Changelog: 2007-03-29: Updated "Solution", "Solution Status", and "Description" section. Added links to vendor advisories.
2007-04-05: Updated credits.
Original Advisory: http://www.debian.org/security/2007/dsa-1270
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=490
http://www.openoffice.org/security/CVE-2007-2.html
http://www.openoffice.org/security/CVE-2007-0238
http://www.openoffice.org/security/CVE-2007-0239.html

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.