Language

The Free and Open Productivity Suite
Released: Apache OpenOffice 4.1.15

CVE-2007-4575

Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)

1. Impact

A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user.

2. Affected releases

All versions prior to OpenOffice.org 2.3.1

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following releases:

HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1


Security Home -> Bulletin -> CVE-2007-4575

Apache Software Foundation

Copyright & License | Privacy | Contact Us | Donate | Thanks

Apache, OpenOffice, OpenOffice.org and the seagull logo are registered trademarks of The Apache Software Foundation. The Apache feather logo is a trademark of The Apache Software Foundation. Other names appearing on the site may be trademarks of their respective owners.