Vulnerability: compromise of system in LibreOffice

Posted: September 5, 2012 in Vulnerabilities
Tags: ,

LibreOfficeAffected products: LibreOffice 3.x

Affected versions: LibreOffice versions up to 3.5.5.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

1. An error in the processing hierarchy of tags in XML-files. This can be exploited to cause a heap overflow.

2. The vulnerability is caused due to a boundary error when duplicating some tags in XML-files. This can be exploited to cause a heap overflow.

3. An error in the implementation of the decoder Base64 when exporting XML-files. This can be exploited to cause a heap overflow.

Successful exploitation allows execution of arbitrary code, but requires that the victim opens a specially crafted ODF-file.

Manufacturer URL: http://www.libreoffice.org/

Solution: Install the latest version 3.5.5 from the manufacturer.

links:

http://www.libreoffice.org/advisories/CVE-2012-2665/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s