|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593
|
| |
Vulnerable Systems:
* OpenOffice version 2.0.4
Immune Systems:
* OpenOffice version 2.3
These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When parsing the TIFF directory entries for certain tags, the parser uses untrusted values from the file to calculate the amount of memory to allocate. By providing specially crafted values, an integer overflow occurs in this calculation. This results in the allocation of a buffer of insufficient size, which in turn leads to a heap overflow.
Analysis:
Exploitation of these vulnerabilities allows an attacker to execute arbitrary code with the privileges of the user opening the file.
Exploitation requires that an attacker persuade a targeted user into opening a maliciously crafted document. This could be accomplished by hosting the document on a web site, sending the document via electronic mail, or other means.
Vendor response:
The OpenOffice.org team has addressed these vulnerabilities with the release of version 2.3. For more information, consult the OOo Security Bulletin at the following URL. http://www.openoffice.org/security/cves/CVE-2007-2834.html
CVE Information:
CVE-2007-2834
Disclosure Timeline:
05/01/2007 - Initial vendor notification
06/14/2007 - Initial vendor response
09/17/2007 - Coordinated public disclosure
|
|
|
|
|
