SUSE-SA:2008:023
Apr 18, 2008 - 9:57 a.m.

local privilege escalation in OpenOffice_org

2008-04-18 09:57:35
lists.opensuse.org

EPSS: 0.93 High
Percentile: 98.8%

This update of OpenOffice fixes various critical security vulnerabilities:

- heap-overflow when parsing PPT files (CVE-2008-0320)
- various buffer-overflows while parsing QPRO files (CVE-2007-5745, CVE-2007-5747) (NLD9 not affected)
- integer overflow while parsing EMF files (CVE-2007-5746)
- out-of-bounds memory access and a heap-overflow in the regex engine of libICU (CVE-2007-4770, CVE-2007-4771) (NLD9 not affected)

These vulnerabilities can only be exploited remotely with user-assistance and in conjunction with other software receiving OOo documents over the network (like a kmail attachment).

Please note that users of SLED10-SP1 that installed the OOo-2.4 update already have the fixes.

2) Solution or Work-Around

Solution

No work-around known.
