Skip to main content

Apache OpenOffice Remote Code Execution Vulnerabilities

Last Update Date: 7 Dec 2015 Release Date: 9 Nov 2015 3686 Views

RISK: High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Multiple vulnerabilities have been identified in Apache OpenOffice, which can be exploited by remote attacker to execute arbitrary code on the target system.

  • A remote user can create a specially crafted document that, when loaded by the target user, will trigger a bug in the handling of files and templates and access arbitrary documents on the target user's system.
  • A remote user can create an ODF file containing specially crafted PrinterSetup data that, when loaded by the target user, will execute arbitrary code on the target user's system.
  • A remote user can create a specially crafted DOC file that, when loaded by the target user, will trigger an integer overflow and execute arbitrary code on the target user's system.
  • A remote user can create a DOC file with specially crafted bookmarks that, when loaded by the target user, will trigger an array index error and execute arbitrary code on the target user's system.

Impact

  • Remote Code Execution

System / Technologies affected

  • Apache OpenOffice v4.1.1 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (4.1.2).

Vulnerability Identifier


Source


Related Link