=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2011/VULN063
_____________________________________________________________________

DATE                      : 27/01/2011

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running OpenOffice.org's PDF Import extension version prior to version 1.0.4.

======================================================================
http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html
______________________________________________________________________


CVE-2010-3702 CVE-2010-3704

Security Vulnerability in OpenOffice.org's PDF Import extension resulting
from 3rd party library XPDF

    * Synopsis: A security vulnerability in the 3rd party library XPDF,
related to PDF document processing, may lead to arbitrary code execution.
    * State: Resolved


1. Impact

A security vulnerability in the 3rd party library XPDF (only used in the
PDF import extension), related to PDF document processing, may allow a remote
unprivileged user to execute arbitrary code on the system with the privileges
of a local user running OpenOffice.org, if the local user opens a crafted
PDF document provided by the remote user.


2. Affected releases

    * All versions of OpenOffice.org's PDF Import extension prior to version 1.0.4

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.


4. Relief/Workaround

To workaround the described issue, do not load documents from untrusted sources.


5. Resolution

This issue is addressed in the following release: PDF Import Extension 1.0.4

Security Home -> Bulletin -> CVE-2010-3702_CVE-2010-3704

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================