November 8, 2008

Code execution flaws haunt OpenOffice

October 29th, 2008

Posted by Ryan Naraine

OpenOffice security vulnerabilitiesOpenOffice.org has shipped a new version of the open-source desktop productivity suite to patch a pair of highly-critical vulnerabilities that could expose users to arbitrary code execution attacks.

The flaws, which affect all versions prior to OpenOffice.org 2.4.2, could be exploited via manipulated WMF and EMF files in StarOffice or StarSuite documents.

The skinny:

  • CVE-2008-2237: A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.  There is no workaround.
  • CVE-2008-2238: A security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now. There is no workaround.

OpenOffice.org described the bugs as file-handling heap overflows.   cialis 20 mg dosage Patches are available in OpenOffice 2.4.2.

OpenOffice 3.0 is not affected by these vulnerabilities.

Filed under OpenOffice by al

Permalink • Print • Comment

Leave a comment

You must be logged in to post a comment.

Made with WordPress and Semiologic • Sky Gold skin by Denis de Bernardy