The free and open productivity suite

General links

• Donating Funds
• Mailing Lists
• Report a Bug
• What's New
• Project Guidelines
• Licenses

Search

Advanced search

Google search

How do I...

• Sitemap
• FAQ
• Get help?

start:

CVE-2007-4575

Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)

• Synopsis: users opening specially crafted database documents may allow attackers to execute arbitrary static Java code
• State: Resolved

1. Impact

A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.

2. Affected releases

All versions prior to OpenOffice.org 2.3.1

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following releases:

HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1

---

Security Home -> Bulletin -> CVE-2007-4575