OpenOffice RTF File Parser Buffer Overflow Vulnerability
TITLE: OpenOffice RTF File Parser Buffer Overflow Vulnerability
CLASS: Boundary Condition Error
CVE: CVE-2007-0245
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 15 2007 08:19PM
CREDIT: John Heasman is credited with the discovery of this vulnerability.
VULNERABLE:
Sun StarSuite 8 Update 7NOT VULNERABLE:
Sun StarSuite 8 Update 6
Sun StarSuite 8
Sun StarSuite 7 PP9
Sun StarSuite 7
Sun StarSuite 6 PP6
Sun StarSuite 6
Sun StarOffice 7.0
Sun StarOffice 8.0
Sun StarOffice 8 Update 7
Sun StarOffice 8 Update 6
Sun StarOffice 7.0 PP9
Sun StarOffice 6.0 PP6
Sun StarOffice 6.0
RedHat Fedora Core6
RedHat Enterprise Linux Optional Productivity Application v.5 server
RedHat Enterprise Linux Desktop v.5 client
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Desktop 4.0
RedHat Desktop 3.0
OpenOffice OpenOffice 2.0.4
OpenOffice OpenOffice 2.0.3 -1
OpenOffice OpenOffice 2.0.3
OpenOffice OpenOffice 2.0.2
OpenOffice OpenOffice 2.0.1
OpenOffice OpenOffice 2.0 Beta
OpenOffice OpenOffice 2.2
OpenOffice OpenOffice 2.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0
OpenOffice OpenOffice 2.2.1
Vai alla pagina originale su Security Focus
Discussion
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.
Exploit
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
Solution
Solution:
Please see the referenced advisories for details on obtaining the appropriate updates.
Sun StarSuite 8 Update 7
- Sun 120188-10
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120188-10-1 - Sun 120189-11
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120189-11-1 - Sun 120190-11
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120190-11-1 - Sun 120191-10
Windows Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120191-10-1
Sun StarOffice 7.0 PP9
- Sun 116518-14
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116518-14-1 - Sun 116519-14
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116519-14-1 - Sun 116529-13
Windows Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116520-13-1 - Sun 117073-12
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117073-12-1
Sun StarOffice 8 Update 7
- Sun 120184-10
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120184-10-1 - Sun 120185-11
Sparc Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120185-11-1 - Sun 120186-11
x86Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120186-11-1 - Sun 120187-10
Windows Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-120187-10-1
OpenOffice OpenOffice 2.2
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
Sun StarOffice 6.0
- Sun 112885-08
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112885-08-1 - Sun 112886-08
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112886-08-1 - Sun 112887-08
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112887-08-1 - Sun 112888-08
Windows Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-112888-08-1
OpenOffice OpenOffice 2.1
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
Sun StarSuite 7
- Sun 116518-14
Linux Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116518-14-1 - Sun 116529-13
Windows Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-116520-13-1 - Sun 117073-12
x86 Platform
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-117073-12-1
OpenOffice OpenOffice 2.0 Beta
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
OpenOffice OpenOffice 2.0.1
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
OpenOffice OpenOffice 2.0.2
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
OpenOffice OpenOffice 2.0.3
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
OpenOffice OpenOffice 2.0.3 -1
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
OpenOffice OpenOffice 2.0.4
- OpenOffice OpenOffice 2.2.1
http://download.openoffice.org/2.2.1/index.html
References
References:
- OpenOffice Homepage (OpenOffice)
- OpenOffice.org 2.2.1 (build OOF680_m18) - Release Notes (OpenOffice)
- rpms/openoffice.org/FC-6 openoffice.org-2.2.1.ooo77214.rtfprtdata.sw.patch, NONE (Red Hat)
- High risk vulnerability in OpenOffice RTF parser (NGSSoftware Insight Security Research)
- RHSA-2007:0406-5 openoffice.org security update (Red Hat)
- Sun Alert ID: 102917 Security Vulnerability with Manipulated RTF Files May Lead (Sun)