[security-alerts] FW: [SA24588] OpenOffice.org Multiple Vulnerabilities

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> OpenOffice.org Multiple Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA24588
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/24588/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> OpenOffice.org 2.x
> http://secunia.com/product/6157/
> OpenOffice 1.1.x
> http://secunia.com/product/302/
> OpenOffice 1.0.x
> http://secunia.com/product/303/
> 
> DESCRIPTION:
> Some vulnerabilities have been reported in OpenOffice.org, which
> potentially can be exploited by malicious people to compromise a
> user's system.
> 
> 1) Several vulnerabilities within the libwpd library used by
> OpenOffice.org can be exploited to cause heap-based buffer overflows
> and may allow the execution of arbitrary code by e.g. tricking a user
> into opening a specially crafted WordPerfect document.
> 
> For more information:
> SA24507
> 
> 2) A boundary error within the StarCalc parser can be exploited to
> cause a stack-based buffer overflow and may allow execution of
> arbitrary code by e.g. tricking a user into opening a specially
> crafted document.
> 
> 3) Shell meta characters are not correctly escaped, which can be
> exploited to inject and execute arbitrary shell commands by e.g.
> tricking a user into opening a specially crafted document and
> clicking a malicious link.
> 
> SOLUTION:
> Do not open untrusted documents.
> 
> PROVIDED AND/OR DISCOVERED BY:
> 1) Originally discovered by an anonymous researcher. Further research
> by Sean Larsson from iDefense revealed additional vulnerabilities.
> 2) Debian credits Next Generation Security.
> 3) Reported in a Debian advisory.
> 
> ORIGINAL ADVISORY:
> http://www.debian.org/security/2007/dsa-1270
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=490
> 
>