Wednesday, October 29, 2008

Vulnerabilities In OpenOffice 2.x Software

There has been found two vulnerabilities in OpenOffice software. The vulnerabilities are related to WMF and EMF file processing. Due to the lack of proper checks it's possible to cause buffer overflow in target system. Vulnerabilities can be exploited by attracting a user to open specially crafted StarOffice/StarSuite document. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

Affected are all OpenOffice 2.x versions prior 2.4.2. OpenOffice users are instructed to update their version to 2.4.2 or 3.0.0 which is not affected by the vulnerabilities.

More information on the vulnerabilities:
CVE-2008-2237
CVE-2008-2238

No comments: