Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple Vulnerabilities Were Reported In Openoffice.org,


  • Please log in to reply
No replies to this topic

#1 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:07:02 AM

Posted 22 March 2007 - 07:51 AM

Multiple vulnerabilities were reported in Openoffice.org, which could lead to compromise of a vulnerable system.

Some of the vulnerabilities were originally reported in the libwpd library used by Openoffice.org, and could be exploited by tricking an unsuspecting user into opening a specially crafted Wordperfect document. Successful exploitation may cause a denial of service (DoS), or allow an attacker to execute arbitrary code on the vulnerable system.

A vulnerability in StarCalc parser could be exploited to cause a stack-based buffer overflow and compromise a vulnerable system. However, for this to take place, an attack must also trick an unsuspecting user into opening a specially crafted document using StarCalc.

The final vulnerability is due to shell meta characters not being properly escaped, which can be exploited to inject and execute arbitrary shell commands. Successful exploitation also entails that the user is tricked into opening a specially crafted document and clicking on a malicious link.

All vulnerabilities discussed in the advisory currently remain unpatched. Users are urged not to open untrusted documents. For more information, refer to:


The whole article by Secunia

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users