OpenOffice.org has shipped a new version of the desktop productivity suite to patch six vulnerabilities that could expose users to malicious hacker attacks.

The flaws fixed in OpenOffice.org 3.2 could be exploited via GIF, XPM files and Microsoft Word document processing, according to an advisory released by the open-source group.

Here’s the skinny of the vulnerabilities:

CVE-2006-4339: Potential
vulnerability from 3rd party libxml2 libraries
CVE-2009-0217: Potential
vulnerability from 3rd party libxmlsec libraries
CVE-2009-2493: OpenOffice.org 3
for Windows bundles a vulnerable version of MSVC Runtime
CVE-2009-2949: Potential
vulnerability related to XPM file processing
CVE-2009-2950: Potential
vulnerability related to GIF file processing
CVE-2009-3301/2: Potential
vulnerability related to MS-Word document processing

OpenOffice.org users are strongly urged to download and apply the patches.

References

download.openoffice.org/

www.openoffice.org/security/cves/CVE-2006-4339.html

www.openoffice.org/security/cves/CVE-2009-0217.html

www.openoffice.org/security/cves/CVE-2009-2493.html

www.openoffice.org/security/cves/CVE-2009-2949.html

www.openoffice.org/security/cves/CVE-2009-2950.html

www.openoffice.org/security/cves/CVE-2009-3301-3302.html

threatpost.com/openoffice-zaps-six-security-bugs-021810/

nessus 47

openvas 70

freebsd 3

suse 1

centos 3

debian 8

osv 3

ubuntu 2

oraclelinux 1

fedora 7

redhat 3

prion 5

cve 6

seebug 1

securityvulns 7

mskb 2

checkpoint_advisories 5

altlinux 3

debiancve 1

openssl 1

gentoo 1

f5 2

slackware 2

freebsd_advisory 1

veracode 4

jvn 1

checkpoint_security 1

ubuntucve 5

cert 2

github 1

nessus

OpenOffice < 3.2 Multiple Vulnerabilities

2010-02-15 00:00:00

Sun OpenOffice.org < 3.2 Multiple Vulnerabilities

2010-02-12 00:00:00

FreeBSD : openoffice.org -- multiple vulnerabilities (c97d7a37-2233-11df-96dd-001b2134ef46)

2010-03-01 00:00:00

openvas

FreeBSD Ports: openoffice.org

2010-03-16 00:00:00

FreeBSD Ports: openoffice.org

2010-03-16 00:00:00

Ubuntu: Security Advisory (USN-903-1)

2010-03-02 00:00:00

freebsd

openoffice.org -- multiple vulnerabilities

2006-08-24 00:00:00

openssl -- Incorrect PKCS#1 v1.5 padding validation in crypto(3)

2006-09-06 00:00:00

opera -- RSA Signature Forgery

2006-09-18 00:00:00

suse

remote code execution in OpenOffice_org

2010-03-16 16:11:32

centos

openoffice.org, openoffice.org2 security update

2010-02-13 23:15:08

openssl, openssl096b security update

2006-09-08 09:58:00

openssl, openssl095a, openssl096 security update

2006-09-11 00:52:04

debian

[Backports-security-announce] Security Update for openoffice.org

2010-02-12 20:45:28

[SECURITY] [DSA 1995-1] New openoffice.org packages fix several vulnerabilities

2010-02-12 18:23:02

[Backports-security-announce] Security Update for openoffice.org

2010-02-12 20:39:53

osv

openoffice.org - several

2010-02-12 00:00:00

openssl - cryptographic weakness

2006-09-10 00:00:00

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

2022-05-02 03:13:38

ubuntu

OpenOffice.org vulnerabilities

2010-02-24 00:00:00

OpenSSL vulnerability

2006-09-05 00:00:00

oraclelinux

openoffice.org security update

2010-02-12 00:00:00

fedora

[SECURITY] Fedora 12 Update: openoffice.org-3.1.1-19.26.fc12

2010-02-16 13:06:14

[SECURITY] Fedora 11 Update: openoffice.org-3.1.1-19.12.fc11

2010-02-16 13:24:28

[SECURITY] Fedora 11 Update: openoffice.org-3.1.1-19.13.fc11

2010-06-07 22:26:04

redhat

(RHSA-2010:0101) Important: openoffice.org security update

2010-02-12 00:00:00

(RHSA-2006:0661) openssl security update

2006-09-06 00:00:00

(RHSA-2009:1428) Moderate: xmlsec1 security update

2009-09-08 00:00:00

prion

Design/Logic Flaw

2009-07-29 17:30:00

Heap overflow

2010-02-16 19:30:00

Integer overflow

2010-02-16 19:30:00

cve

CVE-2009-2493

2009-07-29 17:30:00

CVE-2006-4339

2006-09-05 17:04:00

CVE-2009-2950

2010-02-16 19:30:00

seebug

Microsoft Visual Studio ATL COM对象远程代码执行漏洞

2009-07-29 00:00:00

securityvulns

Microsoft Security Bulletin MS09-055 - Critical Cumulative Security Update of ActiveX Kill Bits (973525)

2009-10-13 00:00:00

iDefense Security Advisory 07.28.09: Multiple Vendor Microsoft ATL/MFC ActiveX Security Bypass Vulnerability

2009-08-20 00:00:00

OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339)

2006-09-05 00:00:00

mskb

MS09-055: Cumulative Security Update of ActiveX Kill Bits

2020-04-13 02:02:28

MS10-041: Vulnerabilities in the Microsoft .NET Framework that could allow tampering

2012-05-08 22:34:55

checkpoint_advisories

Microsoft Outlook View ActiveX Controls Remote Code Execution (MS09-055; CVE-2009-2493)

2009-10-01 00:00:00

Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability

2006-11-13 00:00:00

OpenOffice.org XPM File Processing Integer Overflow (CVE-2009-2949)

2010-05-12 00:00:00

altlinux

Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt4

2006-09-06 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt4

2006-09-06 00:00:00

debiancve

CVE-2006-4339

2006-09-05 17:04:00

openssl

Vulnerability in OpenSSL CVE-2006-4339

2006-09-05 00:00:00

gentoo

OpenSSL, AMD64 x86 emulation base libraries: RSA signature forgery

2006-09-07 00:00:00

SOL6623 - OpenSSL signature vulnerability - CVE-2006-4339

2007-05-16 00:00:00

K6623 : OpenSSL signature vulnerability - CVE-2006-4339

2013-03-26 00:00:00

slackware

[slackware-security] openssl

2006-09-14 22:05:20

[slackware-security] bind

2006-11-07 06:26:27

freebsd_advisory

FreeBSD-SA-06:19.openssl

2006-09-06 00:00:00

veracode

Arbitrary Code Execution

2020-04-10 00:47:11

Arbitrary Code Execution

2020-04-10 00:47:11

Arbitrary Code Execution

2020-04-10 00:47:11

jvn

JVN#51615542: Adobe Reader fails to properly handle signatures

2012-08-30 00:00:00

checkpoint_security

OpenSSL CVE-2006-4339 8732 vulnerability Fix

2006-10-18 22:00:00

ubuntucve

CVE-2006-4339

2006-09-05 00:00:00

CVE-2009-2950

2010-02-16 00:00:00

CVE-2009-3301

2010-02-16 00:00:00

cert

Multiple RSA implementations fail to properly handle signatures

2006-09-11 00:00:00

XML signature HMAC truncation authentication bypass

2009-07-14 00:00:00

github

Apache XML Security For Java vulnerable to authentication bypass by HMAC truncation

2022-05-02 03:13:38

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.973 High

EPSS

Percentile

99.8%

JSON

Related for THREATPOST:DA06EE238F79D261C0FCB61902F3CDBD