
Advisories MDVSA-2010:221: openoffice.org


paul

Multiple vulnerabilities were discovered and corrected in OpenOffice.org:

Integer overflow allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow (CVE-2009-2949).

Heap-based buffer overflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression (CVE-2009-2950).

Integer underflow allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document (CVE-2009-3301).

Boundary error flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document (CVE-2009-3302).

Failure to properly enforce Visual Basic for Applications (VBA) macro security settings allows remote attackers to run arbitrary macros via a crafted document (CVE-2010-0136).

User-assisted remote attackers are able to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed (CVE-2010-0395).

The Impress module does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an integer truncation error (CVE-2010-2935).

Integer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that trigger a heap-based buffer overflow (CVE-2010-2936).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

This update provides OpenOffice.org packages that have been patched to correct these issues, along with additional dependent packages.
