OpenOffice.org Integer Overflow in 'vclmi.dll' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1027068
SecurityTracker URL: http://securitytracker.com/id/1027068
CVE Reference: CVE-2012-1149
Updated: May 16 2012
Original Entry Date: May 16 2012
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.3 and 3.4 Beta; possibly earlier versions
Description:
A vulnerability was reported in OpenOffice.org. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger an integer overflow in 'vclmi.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A DOC file with a specially crafted embedded JPEG object can trigger the overflow.
Tielei Wang reported this vulnerability via Secunia SVCRP.
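The bug class described above, shown as an added illustration that is not OpenOffice.org code and not taken from the advisory. It assumes the allocation size is derived from 32-bit image dimensions, which the advisory does not specify; `img_hdr`, `unchecked_size`, `checked_size` and `alloc_pixels` are hypothetical names, and the sample header values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields as read from an untrusted embedded image. */
struct img_hdr { uint32_t width, height, bytes_per_pixel; };

/* Unchecked form: the product is computed in 32 bits and silently wraps,
 * so the buffer can be far smaller than the pixel data later copied in. */
uint32_t unchecked_size(const struct img_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Checked form: returns 0 and stores the byte count in *out, or -1 when a
 * field is zero, bytes_per_pixel is implausible, or the size exceeds limit. */
int checked_size(const struct img_hdr *h, size_t limit, size_t *out)
{
    uint64_t pixels;

    if (h->width == 0 || h->height == 0) return -1;
    if (h->bytes_per_pixel == 0 || h->bytes_per_pixel > 8) return -1;
    pixels = (uint64_t)h->width * h->height;   /* 32x32 -> 64 bits, no wrap */
    if (pixels > limit / h->bytes_per_pixel) return -1;
    *out = (size_t)(pixels * h->bytes_per_pixel);
    return 0;
}

/* Allocate only after the size has been validated against a sane ceiling. */
void *alloc_pixels(const struct img_hdr *h, size_t limit)
{
    size_t n;
    return checked_size(h, limit, &n) == 0 ? malloc(n) : NULL;
}

int main(void)
{
    /* Constructed sample: true size is about 12 GiB, wrapped size is tiny. */
    struct img_hdr crafted = { 65537u, 65536u, 3u };
    size_t n = 0;
    int rc = checked_size(&crafted, (size_t)1 << 26, &n);

    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(&crafted));
    printf("checked:   %s\n", rc == 0 ? "accepted" : "rejected");
    return 0;
}
```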

Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution:
The vendor has issued a fix (3.4).
The vendor's advisory is available at:
http://www.openoffice.org/security/cves/CVE-2012-1149.html

Vendor URL: www.openoffice.org/security/cves/CVE-2012-1149.html

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Wed, 16 May 2012 11:03:23 -0400
Subject: [Full-disclosure] CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module
when allocating memory for an embedded image object
Reference: http://www.openoffice.org/security/cves/CVE-2012-1149.html
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
Earlier versions may be also affected.
Description:
The vulnerability is caused due to an integer overflow error in the
vclmi.dll module when allocating memory for an embedded image object.
This can be exploited to cause a heap-based buffer overflow via, for
example, a specially crafted JPEG object within a DOC file.
Mitigation
OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to
Apache OpenOffice 3.4. Users who are unable to upgrade immediately
should be cautious when opening untrusted documents.
Credits
The Apache OpenOffice Security Team credits Tielei Wang via
Secunia SVCRP as the discoverer of this flaw.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----