Zero Day

Code execution flaws haunt OpenOffice

Posted in:

Arbitrary Code Execution
Botnets
Browsers
Data theft
Denial of Service (DoS)
Malware
Open source
Passwords
Patch Watch
Responsible disclosure
Spam and Phishing
Spyware and Adware
Vulnerability research

OpenOffice.org has shipped a new version of the open-source desktop productivity suite to patch a pair of highly-critical vulnerabilities that could expose users to arbitrary code execution attacks. The flaws, which affect all versions prior to OpenOffice.org 2.4.2, could be exploited via manipulated WMF and EMF files in StarOffice or StarSuite documents. The skinny:

CVE-2008-2237: A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now. There is no workaround.

CVE-2008-2238: A security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now. There is no workaround.

OpenOffice.org described the bugs as file-handling heap overflows. Patches are available in OpenOffice 2.4.2. OpenOffice 3.0 is not affected by these vulnerabilities.

posted by Ryan Naraine
October 29, 2008 @ 10:19 am

Previous Post: CardCops: Stolen credit card details getting cheaper
Next Post: Cybercrime friendly EstDomains loses ICANN registrar accreditation

Last 10 posts:

Opera patches 'extremely severe' security hole (11-23)
Exploit published for critical IE 7 zero-day flaw (11-23)
Inside the Google Chrome OS security model (11-19)
Microsoft finds security hole in Google Chrome Frame (11-19)
Mozilla locks out rogue Firefox add-ons (11-18)
Thousands of web sites compromised, redirect to scareware (11-17)
Microsoft confirms 'detailed' Windows 7 exploit (11-16)
Man-in-the-middle attacks demoed on 4 smartphones (11-13)
Microsoft bracing for malware attacks from embedded fonts (11-12)
Apple Safari exposes Windows to drive-by download attacks (11-11)