
U-172: OpenOffice.org Two Vulnerabilities

May 18, 2012 - 7:00am


PROBLEM:

OpenOffice.org Two Vulnerabilities

PLATFORM:

OpenOffice.org 3.3. Other versions may also be affected.

ABSTRACT:

Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.

REFERENCE LINKS:

Secunia Advisory SA46992
CVE-2012-1149
CVE-2012-2149

IMPACT ASSESSMENT:

High

Discussion:

1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted JPEG object within a DOC file.
2) An error within libwpd when parsing WordPerfect documents can be exploited to overwrite arbitrary memory via a specially crafted WordPerfect WPD-format document.
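
The bug class in item 1, shown as an added illustration (this is not code from OpenOffice.org or vclmi.dll): an allocation size computed from file-supplied dimensions wraps in 32-bit arithmetic, next to a size calculation that rejects such input. The struct, function names, the 64 MiB limit and the sample headers are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_IMAGE_BYTES (64u * 1024u * 1024u)  /* assumed policy limit */

/* Hypothetical image header: fields an importer reads from an untrusted file. */
struct img_hdr { uint32_t width, height, bytes_per_pixel; };

/* Constructed sample headers (not taken from any real document). */
static const struct img_hdr benign  = { 640, 480, 3 };
static const struct img_hdr crafted = { 0x4001, 0x10000, 4 };

/* Unchecked pattern: the product is reduced modulo 2^32, so a huge image
 * yields a small buffer size that the later pixel copy would overrun. */
uint32_t unchecked_size(const struct img_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Checked pattern: returns the byte count, or 0 if a field is zero or the
 * true product would exceed `limit`. Callers must treat 0 as "reject". */
size_t checked_size(const struct img_hdr *h, size_t limit)
{
    uint64_t pixels;

    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return 0;
    pixels = (uint64_t)h->width * h->height;   /* 32x32 bits fits in 64 */
    if (pixels > limit / h->bytes_per_pixel)   /* total would exceed limit */
        return 0;
    return (size_t)(pixels * h->bytes_per_pixel);
}

int main(void)
{
    printf("benign : unchecked=%u checked=%zu\n",
           (unsigned)unchecked_size(&benign),
           checked_size(&benign, MAX_IMAGE_BYTES));
    printf("crafted: unchecked=%u checked=%zu\n",
           (unsigned)unchecked_size(&crafted),
           checked_size(&crafted, MAX_IMAGE_BYTES));
    return 0;
}
```

For the crafted header the true size is about 4 GiB, but the unchecked calculation returns 262144 bytes; the checked version refuses the input before any allocation happens.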

Impact:

Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

Solution:

The vendor has issued an update, version 3.4.
