OpenOffice Confirms Buffer Overflow Flaw

Help and Discussion

Moderator: The Mod Squad

OpenOffice Confirms Buffer Overflow Flaw

Postby Oylpann » Tue Apr 12, 2005 10:38 pm

eWeek

April 12, 2005

The OpenOffice.org community on Tuesday confirmed the existence of a potentially serious heap-overflow vulnerability in its freely distributed office productivity suite.

The flaw affects OpenOffice Version 1.1.4 and prior and OpenOffice Version 2.0-dev and prior and could put users at risk of code execution attacks.

OpenOffice.org community manager Louis Suarez-Potts confirmed that the vulnerability was discovered in the "StgCompObjStream::Load()" function and occurs when handling a specially crafted ".doc" file.

This could potentially be exploited by attackers to compromise a vulnerable system by convincing a user to open a malicious document with an unpatched application.

"We learned of this March 31 and will be working on it immediately. A patch is ready but it is still going through [quality assurance] testing," Suarez-Potts told eWEEK.com. The update is expected to be available for general download within two days.
"You cant hug your family with Nuclear Arms"

Asus F2A85-V Pro
AMD A10-5800K APU @ 4.5GHz
8GB G. Skill 1866
550w PSU
Hyper 212 Evo
Oylpann
Black Belt 3rd Degree
Black Belt 3rd Degree
 
Posts: 3844
Joined: Wed Nov 10, 2004 7:42 pm
Location: Oklahoma City, OK

Return to Virus/Spyware/Security

Who is online

Users browsing this forum: No registered users and 2 guests