OpenOffice.org Office Suite Heap Overflow in Parsing RTF Files Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1018239
|
|
SecurityTracker URL: http://securitytracker.com/id?1018239
|
|
CVE Reference: CVE-2007-0245
(Links to External Site)
|
Date: Jun 13 2007
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 2.2.1
|
Description: A vulnerability was reported in OpenOffice.org Office Suite. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted RTF file that, when loaded by the target user, will trigger a heap overflow and execute
arbitrary code on the target system. The code will run with the privileges of the target user.
The vulnerability resides in
'/sw/sw/source/filter/rtf/swparrtf.cxx'.
John Heasman discovered this vulnerability.
|
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution: The vendor has issued a source code fix, available via CVS:
http://sw.openoffice.org/source/browse/sw/sw/source/filter/rtf/swparrtf.cxx?rev=1.67
|
Vendor URL: www.openoffice.org/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 13 Jun 2007 11:35:49 -0400
Subject: OpenOffice
|
CVE-2007-0245
Debian wrote:
John Heasman discovered a heap overflow in the routines of OpenOffice.org
that parse RTF files. A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code.
|
|
