| Secunia ID | SA35036 |
| CVE-ID | CVE-2009-0200, CVE-2009-0201, CVE-2009-2414, CVE-2009-2416, CVE-2009-3569, CVE-2009-3570, CVE-2009-3571 |
| Release Date | 01 Sep 2009 |
| Last Change | 19 Oct 2009 |
| Criticality | |
| Solution Status | Vendor Patch |
| Software | OpenOffice.org 2.x |
| Where | |
| Impact | System access. This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description | Some vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system. 1) An integer underflow error when parsing certain records can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Word document. 2) A boundary error when parsing certain records can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Word document. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 3.1.0. Prior versions may also be affected. 3) Two errors in the processing of XML documents can be exploited to potentially execute arbitrary code via specially crafted XML documents. This is related to: The vulnerabilities are reported in versions prior to 3.1.1 and 2.4.3. |
| Solution | Update to version 3.1.1 or 2.4.3. |
| Reported by | 1, 2) Dyon Balding, Secunia Research. |
| Original Advisory | Secunia Research: Sun: |