openoffice -- DOC document heap overflow vulnerability

2005-04-11T00:00:00
ID B206DD82-AC67-11D9-A788-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-04-20T00:00:00

Description

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. This can allow an attacker to crash OpenOffice, or potentially execute arbitrary code as the user running OpenOffice, by tricking an user into opening a specially crafted DOC document.