Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16596
HistoryApr 05, 2007 - 12:00 a.m.

High Risk Vulnerability in OpenOffice

2007-04-0500:00:00
vulners.com
7
JSON

John Heasman of NGSSoftware has discovered a high risk vulnerability
in the handling of StarCalc documents within OpenOffice.

The vulnerability affects all versions of OpenOffice prior to 2.2. If
an attacker can coax a user into opening a specially crafted StarCalc
document then the attacker can execute arbitrary code in the security
context of their victim.

Details

1) sc\source\filter\starcalc\scflt.cxx

USHORT NoteLen;
rStream >> NoteLen;
if (NoteLen != 0)
{
sal_Char Note[4096];
rStream.Read(Note, NoteLen);
Note[NoteLen] = 0;
String aText( SC10TOSTRING(Note));
ScPostIt aNote(aText, pDoc);
pDoc->SetNote(Col, static_cast<SCROW> (Row), Tab, aNote );
}

There is a stack overflow when copying more than 4096 characters into
the Note buffer.

Solution

This issue has now been resolved; OpenOffice users are strongly recommended
to install OpenOffice 2.2, apply OpenOffice patch 1.1.5 or obtain the
latest OpenOffice packages appropriate to their distribution.

Further information on this issue may be found at:

http://www.openoffice.org/security/CVE-2007-0238

NGSSoftware Insight Security Research
http://www.ngssoftware.com
http://www.databasesecurity.com/
http://www.nextgenss.com/
+44(0)208 401 0070


E-MAIL DISCLAIMER

The information contained in this email and any subsequent
correspondence is private, is solely for the intended recipient(s) and
may contain confidential or privileged information. For those other than
the intended recipient(s), any disclosure, copying, distribution, or any
other action taken, or omitted to be taken, in reliance on such
information is prohibited and may be unlawful. If you are not the
intended recipient and have received this message in error, please
inform the sender and delete this mail and any attachments.

The views expressed in this email do not necessarily reflect NGS policy.
NGS accepts no liability or responsibility for any onward transmission
or use of emails and attachments having left the NGS domain.

NGS and NGSSoftware are trading names of Next Generation Security
Software Ltd. Registered office address: 52 Throwley Way, Sutton, SM1
4BF with Company Number 04225835 and VAT Number 783096402

Related

ubuntucve 1
prion 1
cve 1
openvas 10
redhat 2
fedora 3
ubuntu 1
nessus 30
securityvulns 1
debian 2
gentoo 1
centos 1
suse 1
osv 1
oraclelinux 1
ubuntucve
ubuntucve
CVE-2007-0238
2007-03-21 00:00:00
prion
prion
Stack overflow
2007-03-21 19:19:00
cve
cve
CVE-2007-0238
2007-03-21 19:19:00
openvas
openvas
Mandriva Update for openoffice.org MDKSA-2007:073 (openoffice.org)
2009-04-09 00:00:00
Fedora Update for openoffice.org FEDORA-2007-376
2009-02-27 00:00:00
Mandriva Update for openoffice.org MDKSA-2007:073 (openoffice.org)
2009-04-09 00:00:00
redhat
redhat
(RHSA-2007:0069) Important: openoffice.org security update
2007-03-22 00:00:00
(RHSA-2007:0033) Important: openoffice.org security update
2007-03-22 00:00:00
fedora
fedora
[SECURITY] Fedora Core 6 Update: openoffice.org-2.0.4-5.5.17
2007-03-27 16:20:47
[SECURITY] Fedora Core 5 Update: openoffice.org-2.0.2-5.21.2
2007-03-27 16:13:18
[SECURITY] Fedora Core 5 Update: openoffice.org-2.0.2-5.22.2
2007-06-25 17:32:48
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2007-03-27 00:00:00
nessus
nessus
Fedora Core 6 : openoffice.org-2.0.4-5.5.17 (2007-376)
2007-04-05 00:00:00
Fedora Core 5 : openoffice.org-2.0.2-5.21.2 (2007-375)
2007-04-05 00:00:00
Ubuntu 5.10 / 6.06 LTS / 6.10 : openoffice.org(2)/-amd64, ia32-libs-openoffice.org vulnerabilities (USN-444-1)
2007-11-10 00:00:00
securityvulns
securityvulns
Multiple OpenOffice security vulnerabilities
2007-04-05 00:00:00
debian
debian
[SECURITY] [DSA 1270-2] New OpenOffice.org packages fix several vulnerabilities
2007-03-28 18:03:13
[SECURITY] [DSA 1270-1] New OpenOffice.org packages fix several vulnerabilities
2007-03-20 19:40:03
gentoo
gentoo
OpenOffice.org: Multiple vulnerabilities
2007-04-16 00:00:00
centos
centos
openoffice.org security update
2007-03-23 11:51:20
suse
suse
remote code execution in OpenOffice_org,libwpd
2007-03-21 11:37:17
osv
osv
openoffice.org - several vulnerabilities
2007-03-20 00:00:00
oraclelinux
oraclelinux
Important: openoffice.org security update
2007-03-22 00:00:00
JSON
Related for SECURITYVULNS:DOC:16596
ubuntucve1prion1cve1openvas10redhat2fedora3ubuntu1nessus30securityvulns1debian2gentoo1centos1suse1osv1oraclelinux1