(Red Hat Issues Fix for OpenOffice) libwpd Buffer Overflows Let Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1017811 |
|
SecurityTracker URL: http://securitytracker.com/id/1017811
|
CVE Reference:
CVE-2007-0002, CVE-2007-1466
|
Date: Mar 22 2007
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description:
A vulnerability was reported in libwpd. A remote user can cause arbitrary code to be executed on the target user's system. OpenOffice is affected.
A remote user can create a specially crafted WordPerfect document that, when loaded by the target user, will trigger an integer overflow or heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user or the application using libwpd.
The WP6GeneralTextPacket::_readContents(), WP3TablesGroup::_readContents(), and WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup() functions are affected.
The vendor was notified on January 11, 2007.
iDefense reported the WP6GeneralTextPacket vulnerability, and Sean Larsson from iDefense Labs discovered the other vulnerabilities.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
Red Hat has issued a fix for OpenOffice, which is affected by this libwpd vulnerability.
The Red Hat advisory is available at:
http://rhn.redhat.com/errata/RHSA-2007-0033.html
|
Cause:
Boundary error
|
Underlying OS:
Linux (Red Hat Enterprise)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 22 Mar 2007 08:25:23 -0500
Subject: http://rhn.redhat.com/errata/RHSA-2007-0033.html
|
> Security Advisory Important: openoffice.org security update
http://rhn.redhat.com/errata/RHSA-2007-0033.html
CVE-2007-0238
CVE-2007-0239
CVE-2007-1466
|