Manipulated Word documents can lead to heap overflows and arbitrary code execution
- Synopsis: Manipulated WMF files can lead to heap overflows and arbitrary code execution
- State: Resolved
A security vulnerability with the way OpenOffice.org processes Word
documents may allow a remote unprivileged user who provides a Word document
that is opened by a local user to execute arbitrary commands on the system
with the privileges of the user running OpenOffice.org.
No working exploit is known right now.
2. Affected releases
- All versions of OpenOffice.org 3 prior to version 3.1.1
- All versions of OpenOffice.org 2 prior to version 2.4.3
- All versions of OpenOffice.org 1
There are no predictable symptoms that would indicate this issue has occurred.
There is no workaround. See "Resolution" below.
This issue is addressed in the following releases:
- OpenOffice.org 3.1.1
- OpenOffice.org 2.4.3
OpenOffice.org acknowledges with thanks, Dyon Balding of Secunia Research.