logo
DATABASE RESOURCES PRICING ABOUT US

OpenOffice 4.1.1 -- multiple vulnerabilities

Description

The Apache OpenOffice Project reports: A vulnerability in OpenOffice settings of OpenDocument Format files and templates allows silent access to files that are readable from an user account, over-riding the user's default configuration settings. Once these files are imported into a maliciously-crafted document, the data can be silently hidden in the document and possibly exported to an external party without being observed. The Apache OpenOffice Project reports: A crafted ODF document can be used to create a buffer that is too small for the amount of data loaded into it, allowing an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code. The Apache OpenOffice Project reports: A crafted Microsoft Word DOC file can be used to specify a document buffer that is too small for the amount of data provided for it. Failure to detect the discrepancy allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code. The Apache OpenOffice Project reports: A crafted Microsoft Word DOC can contain invalid bookmark positions leading to memory corruption when the document is loaded or bookmarks are manipulated. The defect allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.


Affected Package


OS OS Version Package Name Package Version
FreeBSD any apache-openoffice 4.1.2
FreeBSD any apache-openoffice-devel 4.2.1705368,3

Related