OpenOffice.org Integer Overflow in 'vclmi.dll' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1027068
SecurityTracker URL: http://securitytracker.com/id/1027068
Updated: May 16 2012
Original Entry Date: May 16 2012
Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 3.3 and 3.4 Beta; possibly earlier versions
A vulnerability was reported in OpenOffice.org. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted file that, when loaded by the target user, will trigger an integer overflow in 'vclmi.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target user.
A DOC file with a specially crafted embedded JPEG object can trigger the overflow.
Tielei Wang reported this vulnerability via Secunia SVCRP.
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
The vendor has issued a fix (3.4).
The vendor's advisory is available at:
Vendor URL: www.openoffice.org/security/cves/CVE-2012-1149.html
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Source Message Contents
Subject: [Full-disclosure] CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object
CVE-2012-1149 OpenOffice.org integer overflow error in vclmi.dll module
when allocating memory for an embedded image object
Vendor: The Apache Software Foundation
OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
Earlier versions may also be affected.
The vulnerability is caused due to an integer overflow error in the
vclmi.dll module when allocating memory for an embedded image object.
This can be exploited to cause a heap-based buffer overflow via, for
example, a specially crafted JPEG object within a DOC file.
OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to
Apache OpenOffice 3.4. Users who are unable to upgrade immediately
should be cautious when opening untrusted documents.
The Apache OpenOffice Security Team credits Tielei Wang via
Secunia SVCRP as the discoverer of this flaw.
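The advisory describes an integer overflow in the size calculation for an embedded image object, which leaves the heap buffer smaller than the data later written into it. The following is an added illustration of that bug class beside a checked allocation; it is not OpenOffice.org code, and the width/height/bytes-per-pixel inputs, the function names and the 256 MiB cap are assumptions, since the advisory does not say which values feed the allocation.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical upper bound on a decoded image; tune per application. */
#define MAX_IMAGE_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unsafe pattern: 32-bit multiplication wraps modulo 2^32, so large
 * attacker-controlled dimensions yield a small allocation size. */
uint32_t naive_image_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened form: compute in 64 bits and reject anything above the cap.
 * Returns 0 and stores the byte count in *out, or -1 on rejection. */
int checked_image_size(uint32_t width, uint32_t height, uint32_t bpp,
                       size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    uint64_t pixels = (uint64_t)width * height;  /* fits in 64 bits */
    if (pixels > MAX_IMAGE_BYTES / bpp)          /* pixels * bpp > cap */
        return -1;
    *out = (size_t)(pixels * bpp);               /* <= cap, fits size_t */
    return 0;
}

/* Allocate a pixel buffer only when the validated size is sane. */
void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp, size_t *size)
{
    if (checked_image_size(width, height, bpp, size) != 0)
        return NULL;
    return malloc(*size);
}

int main(void)
{
    /* Constructed dimensions: the true size is about 12 GiB. */
    uint32_t w = 65536u, h = 65537u, bpp = 3u;
    size_t n = 0;
    printf("naive size:   %u bytes\n", (unsigned)naive_image_size(w, h, bpp));
    printf("checked size: %s\n",
           checked_image_size(w, h, bpp, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

With the constructed dimensions the naive calculation yields a buffer of 196608 bytes for roughly 12 GiB of pixel data, while the checked path refuses the image before any allocation happens.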