OpenOffice 2.x Overflow Vulnerability

myITforum.com Community Forum

Home Forums Blogs Live Support chat Search Articles Wiki FAQ Email Lists Register Login My Profile Inbox Address Book My Subscription My Forums

Photo Gallery Member List Search Calendars FAQ Ticket List Log Out

All Forums RSS Feed Subscription:

OpenOffice 2.x Overflow Vulnerability

View related threads: (in this forum | in all forums)

Logged in as: Guest

Printable Version

All Forums >> [Security, AntiVirus, and Patching] >> Breaking Virus & Security News >> OpenOffice 2.x Overflow Vulnerability

Page: [1]

Message

<< Older Topic Newer Topic >>

OpenOffice 2.x Overflow Vulnerability - 6/19/2008 11:28:34 AM

awenlock

Posts: 341
Score: 176
Joined: 3/8/2005
Status: offline

Last week OpenOffice released a new version, 2.4.1, to fix a vulnerability that could allwo remote code execution.

The vulnerability affects OpenOffice 2.0 - 2.4.

Quote:
A vulnerability has been reported in OpenOffice, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in "rtl_allocateMemory()" and can be exploited to cause heap-based buffer overflows via a specially crafted document. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 2.0 to 2.4.

Upgrading to the latest version 2.4.1 will resolve this vulnerability.

Links:

Secunia: http://secunia.com/advisories/30599/
OpenOffice: http://www.openoffice.org/security/cves/CVE-2008-2152.html
ISC: http://isc.sans.org/diary.html?storyid=4559

Regards
Alan