Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)
- Synopsis: users opening specially crafted database documents may allow attackers to execute arbitrary static Java code
- State: Resolved
A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.
2. Affected releases
All versions prior to OpenOffice.org 2.3.1
There are no predictable symptoms that would indicate this issue has occurred
There is no workaround. See "Resolution" below.
This issue is addressed in the following releases:
HSQLDB 220.127.116.11 / OpenOffice.org 2.3.1