=====================================================================
                                    CERT-Renater

                         Information Note No. 2007/VULN481
_____________________________________________________________________

DATE                      : 05/12/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running OpenOffice.org 2.

======================================================================
http://www.openoffice.org/security/cves/CVE-2007-4575.html
______________________________________________________________________

  CVE-2007-4575

Potential arbitrary code execution vulnerability in 3rd party module
(HSQLDB)

     * Synopsis: users opening specially crafted database documents may
       allow attackers to execute arbitrary static Java code
     * State: Resolved


1. Impact

A security vulnerability in HSQLDB, the default database engine shipped
with OpenOffice.org 2 (all versions), may allow attackers to execute
arbitrary static Java code, by manipulating database documents to be
opened by a user.


2. Affected releases

All versions prior to OpenOffice.org 2.3.1


3. Symptoms

There are no predictable symptoms that would indicate this issue has
occurred.


4. Relief/Workaround

There is no workaround. See "Resolution" below.


5. Resolution

This issue is addressed in the following releases:

HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================






