
====================================================================

                                CERT-Renater

                      Information Note No. 2012/VULN147
____________________________________________________________________

DATE                : 23/03/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running LibreOffice versions
                                      prior to 3.4.6, 3.5.1.
======================================================================
http://www.libreoffice.org/advisories/CVE-2012-0037/
______________________________________________________________________


CVE-2012-0037

Title: CVE-2012-0037: XML Entity Expansion flaw by
processing RDF file

Announced: March 22 2012

Fixed in: LibreOffice 3.4.6/3.5.1

Description:

An XML Entity Expansion flaw was found in the way the embedded Raptor
library processed certain RDF and other XML-based format files. An attacker
could create a specially crafted file in an affected LibreOffice format
which, when opened, could cause arbitrary code execution or local file
inclusion.

Thanks to Timothy D. Morgan of VSR for reporting this flaw. Users are
recommended to upgrade to 3.4.6 or 3.5.1 to avoid this flaw.
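
A triage check for the flaw class described above, as an added example that is not part of the original advisory or of LibreOffice's code: it flags DTD and entity declarations inside the XML members of an OpenDocument package. It assumes the package is a ZIP archive with its RDF metadata in `manifest.rdf`; the function names and sample documents are constructed for illustration.

```python
import io
import re
import zipfile

MAX_READ = 1 << 20  # inspect at most the first 1 MiB of each member
XML_SUFFIXES = (".xml", ".rdf")
# Captures the entity name and whether it points outside the document.
ENTITY_RE = re.compile(r"<!ENTITY\s+(?:%\s+)?(\S+)\s+(SYSTEM|PUBLIC)?")

def decode_xml(data):
    """Decode by BOM so UTF-16 members cannot hide declarations from the regex."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8", errors="replace")

def scan_package(package_bytes):
    """Return (member, finding) tuples for DTD/entity declarations in XML members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(XML_SUFFIXES):
                continue
            with zf.open(info) as member:
                text = decode_xml(member.read(MAX_READ))
            if "<!DOCTYPE" in text:
                findings.append((info.filename, "doctype"))
            for name, external in ENTITY_RE.findall(text):
                kind = "external-entity" if external else "internal-entity"
                findings.append((info.filename, f"{kind}:{name}"))
    return findings

def build_sample(rdf_body, encoding="utf-8"):
    """Constructed sample: a minimal ZIP holding content.xml and manifest.rdf."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<?xml version='1.0'?><doc/>")
        zf.writestr("manifest.rdf", rdf_body.encode(encoding))
    return buf.getvalue()

CLEAN_RDF = ("<?xml version='1.0'?>"
             "<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'/>")
# Constructed, harmless declaration: one internal entity with a literal value.
FLAGGED_RDF = ("<?xml version='1.0'?><!DOCTYPE r [<!ENTITY note \"sample\">]>"
               "<r>&note;</r>")

if __name__ == "__main__":
    for label, body in (("clean", CLEAN_RDF), ("flagged", FLAGGED_RDF)):
        print(label, scan_package(build_sample(body)))
```

A finding marks a file for closer inspection before it is opened in a version prior to 3.4.6 or 3.5.1; it is not proof that the file is malicious.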



References:

    * CVE-2012-0037



======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
