|
awenlock -> OpenOffice 2.x Overflow Vulnerability (6/19/2008 11:28:34 AM)
|
Last week OpenOffice released a new version, 2.4.1, to fix a vulnerability that could allwo remote code execution.
The vulnerability affects OpenOffice 2.0 - 2.4.
Quote:
A vulnerability has been reported in OpenOffice, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in "rtl_allocateMemory()" and can be exploited to cause heap-based buffer overflows via a specially crafted document. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 2.0 to 2.4.
Upgrading to the latest version 2.4.1 will resolve this vulnerability.
Links:
Secunia: http://secunia.com/advisories/30599/
OpenOffice: http://www.openoffice.org/security/cves/CVE-2008-2152.html
ISC: http://isc.sans.org/diary.html?storyid=4559
Regards
Alan
|
|
|
|
