|
OpenOffice Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA29852
|
|
|
Release Date:
|
2008-04-17
|
|
Last Update:
|
2008-04-21
|
|
Popularity:
|
6,614 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | OpenOffice 1.0.x
OpenOffice 1.1.x
OpenOffice.org 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2007-4770
CVE-2007-4771
CVE-2007-5746
CVE-2007-5745
CVE-2007-5747
CVE-2008-0320
|
|
Description:
Some vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system.
1) Boundary errors in the parsing of "Attribute" and "Font Description" records in Quattro Pro files can be exploited to cause heap-based buffer overflows via a specially crafted Quattro Pro file with more than 256 records.
2) An integer underflow error in the parsing of Quattro Pro files can be exploited to cause a stack-based buffer overflow via a specially crafted Quattro Pro file.
3) An integer overflow error in the parsing of EMR_STRETCHBLT records in EMF files can be exploited to cause a buffer overflow via a specially crafted EMF file.
4) A boundary error in the parsing of "DocumentSummaryInformation" streams in OLE files can be exploited to cause a heap-based buffer overflow via a specially crafted OLE file.
5) Two errors in the processing of ODF text documents containing specially crafted XForms can be exploited to corrupt heap memory.
For more information:
SA28575
Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 2.4.
Solution:
Update to version 2.4.
Provided and/or discovered by:
1) Independently discovered by:
* Sean Larsson, iDefense Labs
* An anonymous researcher, reported via iDefense Labs
2) An anonymous researcher, reported via iDefense Labs.
3) An anonymous researcher, reported via iDefense Labs.
4) Marsu, reported via iDefense Labs.
Changelog:
2008-04-21: Updated advisory based on additional information from iDefense Labs. Added additional links to iDefense Labs.
Original Advisory:
OpenOffice:
http://www.openoffice.org/security/cves/CVE-2007-5746.html
http://www.openoffice.org/security/cves/CVE-2007-4770.html
http://www.openoffice.org/security/cves/CVE-2007-5745.html
http://www.openoffice.org/security/cves/CVE-2008-0320.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=692
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
Other References:
SA28575:
http://secunia.com/advisories/28575/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
