Skip to main content

LibreOffice/OpenOffice.org XML Manifest Encryption Handling Heap Overflows Vulnerability

Last Update Date: 29 Aug 2012 Release Date: 2 Aug 2012 5336 Views

RISK: High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

A vulnerability was reported in LibreOffice/OpenOffice.org. A remote user can cause arbitrary code to be executed on the target user's system.

 

A remote user can create a specially crafted Open Document Format for Office Applications (ODF) format file that, when loaded by the target user, will trigger a buffer overflow in the XML manifest encryption handling codeand execute arbitrary code on the target user's system. The code will run with the privileges of the target user.


Impact

  • Remote Code Execution

System / Technologies affected

  • LibreOffice prior to versions 3.5.5 and 3.6.0
  • OpenOffice.org 3.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link