SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Apache OpenOffice Vendors:   OpenOffice.org
(Red Hat Issues Fix for OpenOffice) libwpd Buffer Overflows Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1017811
SecurityTracker URL:  http://securitytracker.com/id/1017811
CVE Reference:   CVE-2007-0002, CVE-2007-1466   (Links to External Site)
Date:  Mar 22 2007
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in libwpd. A remote user can cause arbitrary code to be executed on the target user's system. OpenOffice is affected.

A remote user can create a specially crafted WordPerfect document that, when loaded by the target user, will trigger an integer overflow or heap overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user or the application using libwpd.

The WP6GeneralTextPacket::_readContents() function, WP3TablesGroup::_readContents() function, and WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup() functions are affected.

The vendor was notified on January 11, 2007.

iDefense reported the WP6GeneralTextPacket vulnerability.and Sean Larsson from iDefense Labs discovered the other vulnerabilities.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Red Hat has issued a fix for OpenOffice, which is affected by this libwpd vulnerability.

The Red Hat advisory is available at:

http://rhn.redhat.com/errata/RHSA-2007-0033.html

Cause:   Boundary error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  3, 4

Message History:   This archive entry is a follow-up to the message listed below.
Mar 16 2007 libwpd Buffer Overflows Let Remote Users Execute Arbitrary Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC