|
OpenOffice Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA29852
|
|
|
Release Date:
|
2008-04-17
|
|
Last Update:
|
2008-04-21
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | OpenOffice 1.0.x
OpenOffice 1.1.x
OpenOffice.org 2.x
|
| | CVE reference: | CVE-2007-4770 (Secunia mirror)
CVE-2007-4771 (Secunia mirror)
CVE-2007-5746 (Secunia mirror)
CVE-2007-5745 (Secunia mirror)
CVE-2007-5747 (Secunia mirror)
CVE-2008-0320 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system.
1) Boundary errors in the parsing of "Attribute" and "Font Description" records in Quattro Pro files can be exploited to cause heap-based buffer overflows via a specially crafted Quattro Pro file with more than 256 records.
2) An integer underflow error in the parsing of Quattro Pro files can be exploited to cause a stack-based buffer overflow via a specially crafted Quattro Pro file.
3) An integer overflow error in the parsing of EMR_STRETCHBLT records in EMF files can be exploited to cause a buffer overflow via a specially crafted EMF file.
4) A boundary error in the parsing of "DocumentSummaryInformation" streams in OLE files can be exploited to cause a heap-based buffer overflow via a specially crafted OLE file.
5) Two errors in the processing of ODF text documents containing specially crafted XForms can be exploited to corrupt heap memory.
For more information:
SA28575
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.4.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution:
Update to version 2.4.
Provided and/or discovered by:
1) Independently discovered by:
* Sean Larsson, iDefense Labs
* An anonymous researcher, reported via iDefense Labs
2) An anonymous researcher, reported via iDefense Labs.
3) An anonymous researcher, reported via iDefense Labs.
4) Marsu, reported via iDefense Labs.
Changelog:
2008-04-21: Updated advisory based on additional information from iDefense Labs. Added additional links to iDefense Labs.
Original Advisory:
OpenOffice:
http://www.openoffice.org/security/cves/CVE-2007-5746.html
http://www.openoffice.org/security/cves/CVE-2007-4770.html
http://www.openoffice.org/security/cves/CVE-2007-5745.html
http://www.openoffice.org/security/cves/CVE-2008-0320.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
Other References:
SA28575:
http://secunia.com/advisories/28575/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
14 Related Secunia Security Advisories, displaying 10
|
|
|
1. OpenOffice "rtl_allocateMemory()" Integer Overflow Vulnerability
|
|
2. OpenOffice Database Document Processing Arbitrary Java Method Execution
|
|
3. OpenOffice TIFF Parsing Integer Overflow Vulnerabilities
|
|
4. OpenOffice 2 TIFF Parsing Integer Overflow Vulnerabilities
|
|
5. OpenOffice RTF File and FreeType Font Parsing Vulnerabilities
|
|
6. OpenOffice.org Multiple Vulnerabilities
|
|
7. OpenOffice WMF/EMF Processing Buffer Overflow Vulnerabilities
|
|
8. OpenOffice Multiple Vulnerabilities
|
|
9. OpenOffice cURL/libcURL URL Parsing Off-By-One Vulnerability
|
|
10. OpenOffice ".doc" Document Handling Buffer Overflow
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
