CVE-2012-2149 OpenOffice.org memory overwrite vulnerability

2012-05-21T00:00:00
ID SECURITYVULNS:DOC:28085
Type securityvulns
Reporter Securityvulns
Modified 2012-05-21T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512

CVE-2012-2149 OpenOffice.org memory overwrite vulnerability

Reference: http://www.openoffice.org/security/cves/CVE-2012-2149.html

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

OpenOffice.org 3.3 and 3.4 Beta, on all platforms. Earlier versions may be also affected.

Description:

Effected versions of OpenOffice.org use a customized libwpd that has a memory overwrite vulnerability that could be exploited by a specially crafted Wordperfect WPD-format document, potentially leading to arbitrary-code execution at application user privilege level.

Mitigation

OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4, where WPD files are ignored. Users who are unable to upgrade immediately should be cautious when opening untrusted WPD documents.

Credits

The Apache OpenOffice Security Team acknowledges Kestutis Gudinavicius of SEC Consult Unternehmensberatung GmbH as the discoverer of this flaw. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJPs8AeAAoJEGFAoYdHzLzHpw4P/3hRQxaIre8XARxy9JiT+HX3 xCFp+ksNHQBlCf7KUDhy0uz5KFzzrPHKoJCVTXBmMz2CErsIJs5rf4ePZhdj2V96 z87qKRojEbeWQGw1lIfXWnytnk1GpPoSb51vhu20J2g4K0IUCor8LTWisVeeVhFu TlEaNLreQHn+0fVCdYnCWenWzFqJfWvxcUXi3OSysT7+fAacF63ZayuFhGT6WygP QXdW8fwhwAnFvwcBU4aSVX0tEpbAvQoZGw4EwlU0Osz6DHhJmlH9BYtsvAGX0amh 6Ow/Rg8J1dOicX7W7+bGcgIeNkBalbbiKrMJ2l5SEBhOkFEi0vOJZwDBqceHDDvC wXYXAIyLqjyd7uyBslnAPqAVoAt3s4ZpAEHKPXSOpWBe4U6idcFNSM2QOj+IEbic BROlOFXhJnRi69bowISAXdm6bKX/hvFhu9YhbmEfOE2sczp2FfGZ27W80QAboFG+ tfT9a6KmA3pDeh9OPkxABmjhhisPHuP9oSuz0xOiGjcR2A/d7DCtnEQUeLzTV7WI wtgrlqkJhezNs7JVDcCEm0qXxAUJVTx9KCYvHPFR3IiuKgZba9Keu88wZs9yd/9f cKSHOSDj2SZ4f4J3lM+llF/z0zjP/hmaQJgKTNsiaO3xl5AzORXMVH25fn4s9UCk 685l8u67flHuv0Iq+m35 =6F6B -----END PGP SIGNATURE-----