Ravens PHP Scripts

OpenOffice RTF File Parsing Buffer Overflow Vulnerability
Date: Wednesday, June 13, 2007 @ 19:39:54 PDT
Topic: Security


SECUNIA ADVISORY ID: SA25648

VERIFY ADVISORY: http://secunia.com/advisories/25648/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE:
OpenOffice 1.1.x - http://secunia.com/product/302/
OpenOffice.org 2.x - http://secunia.com/product/6157/
OpenOffice 1.0.x - http://secunia.com/product/303/

DESCRIPTION: A vulnerability has been reported in OpenOffice, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the parsing of RTF files and can be exploited to cause a heap-based buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code.

SOLUTION: Do not open untrusted RTF files.
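
One way to enforce this workaround at a mail or upload gateway, given here as an added example that is not part of the Secunia advisory: classify a file as RTF by its content signature as well as its extension, so an RTF document renamed to another extension is still held back. The function names, verdict strings and sample inputs are hypothetical and constructed for illustration.

```python
import os

RTF_MAGIC = b"{\\rtf"          # every RTF document starts with this group
UTF8_BOM = b"\xef\xbb\xbf"


def looks_like_rtf(data: bytes) -> bool:
    """Return True if the content begins with the RTF signature.

    Assumption: a lenient reader may tolerate a UTF-8 BOM or leading
    whitespace before the signature, so both are skipped before matching.
    """
    head = data[:64]
    if head.startswith(UTF8_BOM):
        head = head[len(UTF8_BOM):]
    return head.lstrip(b" \t\r\n").startswith(RTF_MAGIC)


def triage(filename: str, data: bytes, trusted: bool) -> str:
    """Decide what to do with an incoming file.

    A file is treated as RTF if EITHER its extension or its content says so,
    because the application may pick its import filter from either one.
    """
    ext = os.path.splitext(filename)[1].lower()
    by_content = looks_like_rtf(data)
    if not (by_content or ext == ".rtf"):
        return "allow"                      # not RTF by any measure
    if trusted:
        return "allow"                      # RTF from a trusted source
    if by_content and ext != ".rtf":
        return "quarantine-disguised-rtf"   # RTF content, misleading name
    return "quarantine-rtf"


if __name__ == "__main__":
    # Constructed sample inputs (not taken from any real document).
    samples = [
        ("report.rtf", b"{\\rtf1\\ansi Hello}", False),
        ("invoice.doc", b"{\\rtf1\\ansi Hello}", False),
        ("notes.txt", b"plain text", False),
        ("memo.rtf", b"{\\rtf1\\ansi Hello}", True),
    ]
    for name, body, trusted in samples:
        print(f"{name:12} trusted={trusted!s:5} -> {triage(name, body, trusted)}")
```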

PROVIDED AND/OR DISCOVERED BY: Reported in a Debian advisory crediting John Heasman.

ORIGINAL ADVISORY: http://www.us.debian.org/security/2007/dsa-1307








The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2957