‫ OpenOffice.org Two Vulnerabilities

IRCAD2012051936

 

 
ID:IRCAD2012051936
Release Date: 2012-05-17
Criticality level: Highly critical
 
Software:
OpenOffice.org 3.x
 
Description:
Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow e.g. via a specially crafted JPEG object within a DOC file.

2) An input validation error in the WPXContentListener::_closeTableRow() function within WPXContentListener.cpp when parsing Wordperfect documents can be exploited to decrement an object pointer arbitrarily.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerabilities are reported in version 3.3. Other versions may also be affected.
 
Solution
Update to version 3.4.
 
References:
 
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 9 اردیبهشت 1391

امتیاز

امتیاز شما
تعداد امتیازها:0