CVE-2015-5213: .DOC DOCUMENT VULNERABILITY
Fixed in Apache OpenOffice 4.1.2
Title: Memory Corruption Vulnerability (DOC Piecetable)
Announced November 4, 2015
A crafted Microsoft Word DOC file can specify a document buffer that is too small for the amount of data provided for it. Failure to detect the discrepancy allows an attacker to cause denial of service (memory corruption and application crash) and possibly to execute arbitrary code.
There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.
Vendor: The Apache Software Foundation
All Apache OpenOffice versions 4.1.1 and older are affected.
OpenOffice.org versions are also affected.
Apache OpenOffice users are urged to download and install Apache OpenOffice version 4.1.2 or later. DOC files having the defect are detected and made ineffective in 4.1.2.
Users who do not upgrade to Apache OpenOffice 4.1.2 should be careful of .DOC files from unknown or unreliable sources. A Microsoft Word 97-2003 DOC format file can be checked by opening it with software, such as Microsoft Office Word or Word Online, that rejects documents having this defect as corrupted.
The latest information on Apache OpenOffice security bulletins can be found at the Bulletin Archive page.
The discoverer of this vulnerability wishes to remain anonymous.