OpenOffice.org Two Vulnerabilities
OpenOffice.org 3.3, Other versions may also be affected.
Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.
1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow e.g. via a specially crafted JPEG object within a DOC file.
2) An error within libwpd when parsing Wordperfect documents can be exploited to overwrite arbitrary memory via a specially crafted Wordperfect WPD-format document.
Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
The vendor has issued an update 3.4.