OpenOffice RTF File Parsing Buffer Overflow Vulnerability

ERCOLINO

Secunia Advisory: SA25648
Release Date: 2007-06-13

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: OpenOffice 1.0.x
OpenOffice 1.1.x
OpenOffice.org 2.x

CVE reference: CVE-2007-0245 (Secunia mirror)




Description:
A vulnerability has been reported in OpenOffice, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the parsing of RTF files and can be exploited to cause a heap-based buffer overflow via a specially crafted RTF file.

Successful exploitation may allow execution of arbitrary code.

Solution:
Do not open untrusted RTF files.



Secunia bulletin
 