exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Apache OpenOffice 3.4.0 Logic Errors

Apache OpenOffice 3.4.0 Logic Errors
Posted Aug 29, 2012
Authored by Timo Warns | Site openoffice.org

When OpenOffice reads an ODF document, it first loads and processes an XML stream within the file called the manifest. Apache OpenOffice 3.4.0 has logic errors that allows a carefully crafted manifest to cause reads and writes beyond allocated buffers.

tags | advisory
advisories | CVE-2012-2665
SHA-256 | 493c97b0d9779ff425aec7f71289318f69ad4df12dd5f0dbdc14075fa27d8e32
Download | Favorite | View

Apache OpenOffice 3.4.0 Logic Errors

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

CVE-2012-2665  Manifest-processing errors in Apache OpenOffice 3.4.0

Reference: http://www.openoffice.org/security/cves/CVE-2012-2665.html

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

Apache OpenOffice 3.4.0, all languages, all platforms.
Earlier versions of OpenOffice.org may be also affected.

Description:

When OpenOffice reads an ODF document, it first loads and processes
an XML stream within the file called the manifest. Apache OpenOffice
3.4.0 has logic errors that allows a carefully crafted manifest to
cause reads and writes beyond allocated buffers.

No specific exploit has been demonstrated in this case, though such
flaws generally are conducive to exploitation, possibly including
denial of service and elevation of privilege.

Mitigation

OpenOffice users are advised to upgrade to Apache OpenOffice 3.4.1:

http://www.openoffice.org/download/

Users who are unable to upgrade immediately should exercise caution
when opening untrusted ODF documents.

Credits

The Apache OpenOffice Security Team acknowledges Timo Warns of
PRESENSE Technologies GmbH as the discoverer of these flaws.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJQO9pNAAoJEGFAoYdHzLzHMTgP/RhtW9cIbb1YgNiQIjZgmhfd
EfTDVsVa/mhSVwCcMF5oyJN1SYrscxK94NlcXOAhWZ/utPwCLev5Pv3BE8Y1gZ8Y
LJoGtFaxbByzbixAOtOqAWR3b84QM2wjDgqd6Cf7Yio00Wgeqs4vrvAkwCCNKroa
7iOZfhw/3kV8spiMIYTESz+OIzZ09NOz9G36hFn3Yn5CHTcbO0sPE9hJGVhE8Y6Q
92plJKcAgXFv8hdjQwGeda8H40jQqv86/FbDtn9muMtJICozlHQyhdk26E3up0Yo
IUnN522h4PJyq3zvs9GRbLPh6RS3zpMt82Sz6MG8lgKkKcGFxmjGHHQeFTh2QLd9
opghFYVtYjHdDnj9g5/iKEPkXxE//DXDtrfk/AP29WOMSupXwh5yq5blvpUmFODB
FdfBxPyefRmYWarA1DN5IhnT17MjyHlrAX/wY6NJjurjsJWCKpbc2jeaNgmLMTDH
IBiKWygALM7E2Qk/a3cRKCfFdsJxAQ15UMFNzTh6k4iXyWZpzDoBg+DPpN6GCHQy
SyH8aOSjufuCyGk/yoS6d+NZcl91g3FSsvnP/8nuCsYex5GKVLR/ffXi4YIcKDQK
6Z2tgGLn6xadmj63hWb91GMvIfw1n9mJ9JXGn0gzhnr5xvix+JOGKKjW9tvV492S
WCdOJJ8o6cV4lJqeIeGm
=xMKS
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    39 Files
  • 7
    Jun 7th
    22 Files
  • 8
    Jun 8th
    17 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close