OpenOffice.org memory overwrite vulnerability
- OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
- Earlier versions may be also affected.
Vendor: The Apache Software Foundation
Effected versions of OpenOffice.org use a customized libwpd that has a memory overwrite vulnerability that could be exploited by a specially crafted Wordperfect WPD-format document, potentially leading to arbitrary-code execution at application user privilege level.
OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to Apache OpenOffice 3.4, where WPD files are ignored. Users who are unable to upgrade immediately should be cautious when opening untrusted WPD documents.
The Apache OpenOffice Security Team acknowledges Kestutis Gudinavicius of SEC Consult Unternehmensberatung GmbH as the discoverer of this flaw.