OpenOffice.org WordPerfect Library Memory Error Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1027069 |
|
SecurityTracker URL: http://securitytracker.com/id/1027069
|
|
CVE Reference:
CVE-2012-2149
(Links to External Site)
|
Date: May 16 2012
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 3.3 and 3.4 Beta; possibly earlier versions
|
Description:
A vulnerability was reported in OpenOffice.org. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted Wordperfect WPD-format document that, when loaded by the target user, will trigger a memory overwrite flaw and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Kestutis Gudinavicius of SEC Consult Unternehmensberatung GmbH reported this vulnerability.
|
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued a fix (3.4).
The vendor's advisory is available at:
http://www.openoffice.org/security/cves/CVE-2012-2149.html
|
Vendor URL: www.openoffice.org/security/cves/CVE-2012-2149.html (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 16 May 2012 11:05:03 -0400
Subject: CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CVE-2012-2149 OpenOffice.org memory overwrite vulnerability
Reference: http://www.openoffice.org/security/cves/CVE-2012-2149.html
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
Earlier versions may be also affected.
Description:
Effected versions of OpenOffice.org use a customized libwpd that has a
memory overwrite vulnerability that could be exploited by a specially
crafted Wordperfect WPD-format document, potentially leading to
arbitrary-code execution at application user privilege level.
Mitigation
OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to
Apache OpenOffice 3.4, where WPD files are ignored. Users who are
unable to upgrade immediately should be cautious when opening
untrusted WPD documents.
Credits
The Apache OpenOffice Security Team acknowledges Kestutis Gudinavicius
of SEC Consult Unternehmensberatung GmbH as the discoverer of this flaw.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJPs8AeAAoJEGFAoYdHzLzHpw4P/3hRQxaIre8XARxy9JiT+HX3
xCFp+ksNHQBlCf7KUDhy0uz5KFzzrPHKoJCVTXBmMz2CErsIJs5rf4ePZhdj2V96
z87qKRojEbeWQGw1lIfXWnytnk1GpPoSb51vhu20J2g4K0IUCor8LTWisVeeVhFu
TlEaNLreQHn+0fVCdYnCWenWzFqJfWvxcUXi3OSysT7+fAacF63ZayuFhGT6WygP
QXdW8fwhwAnFvwcBU4aSVX0tEpbAvQoZGw4EwlU0Osz6DHhJmlH9BYtsvAGX0amh
6Ow/Rg8J1dOicX7W7+bGcgIeNkBalbbiKrMJ2l5SEBhOkFEi0vOJZwDBqceHDDvC
wXYXAIyLqjyd7uyBslnAPqAVoAt3s4ZpAEHKPXSOpWBe4U6idcFNSM2QOj+IEbic
BROlOFXhJnRi69bowISAXdm6bKX/hvFhu9YhbmEfOE2sczp2FfGZ27W80QAboFG+
tfT9a6KmA3pDeh9OPkxABmjhhisPHuP9oSuz0xOiGjcR2A/d7DCtnEQUeLzTV7WI
wtgrlqkJhezNs7JVDcCEm0qXxAUJVTx9KCYvHPFR3IiuKgZba9Keu88wZs9yd/9f
cKSHOSDj2SZ4f4J3lM+llF/z0zjP/hmaQJgKTNsiaO3xl5AzORXMVH25fn4s9UCk
685l8u67flHuv0Iq+m35
=6F6B
-----END PGP SIGNATURE-----
|
|
