====================================================================
                          CERT-Renater
              Information Note No. 2012/VULN215
____________________________________________________________________

DATE                 : 18/05/2012

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running OpenOffice.org versions 3.3,
                       3.4 Beta and earlier.

====================================================================
http://www.openoffice.org/security/cves/CVE-2012-1149.html
http://www.openoffice.org/security/cves/CVE-2012-2149.html
____________________________________________________________________

CVE-2012-1149

OpenOffice.org integer overflow error in vclmi.dll module when
allocating memory for an embedded image object

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
Earlier versions may also be affected.

Description:
The vulnerability is caused by an integer overflow error in the
vclmi.dll module when allocating memory for an embedded image
object. This can be exploited to cause a heap-based buffer overflow,
for example via a specially crafted JPEG object within a DOC file.

Mitigation
OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to
Apache OpenOffice 3.4. Users who are unable to upgrade immediately
should be cautious when opening untrusted documents.

Credits
The Apache OpenOffice Security Team credits Tielei Wang via Secunia
SVCRP as the discoverer of this flaw.

____________________________________________________________________

CVE-2012-2149

OpenOffice.org memory overwrite vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
Earlier versions may also be affected.

Description:
Affected versions of OpenOffice.org use a customized libwpd that has
a memory overwrite vulnerability. It could be exploited by a
specially crafted WordPerfect WPD-format document, potentially
leading to arbitrary code execution with the privileges of the user
running the application.

Mitigation
OpenOffice.org 3.3.0 and 3.4 beta users are advised to upgrade to
Apache OpenOffice 3.4, where WPD files are ignored. Users who are
unable to upgrade immediately should be cautious when opening
untrusted WPD documents.

Credits
The Apache OpenOffice Security Team acknowledges Kestutis
Gudinavicius of SEC Consult Unternehmensberatung GmbH as the
discoverer of this flaw.

====================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel  | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================
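
The class of defect described for CVE-2012-1149, an allocation size that overflows before memory is reserved, is illustrated below as an added example; it is not code from OpenOffice.org or vclmi.dll. The header fields, the 256 MiB cap and the sample dimensions are assumptions constructed for illustration, since the advisory does not say which values feed the size calculation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields; the advisory does not name the real ones. */
struct img_hdr { uint32_t width, height, bytes_per_pixel; };

/* Constructed policy cap on a decoded image: 256 MiB. */
#define IMG_MAX_BYTES ((uint64_t)256 * 1024 * 1024)

/* Unchecked: the product is evaluated in 32 bits and wraps silently. */
static uint32_t pixel_bytes_unchecked(const struct img_hdr *h) {
    return h->width * h->height * h->bytes_per_pixel;
}

/* Checked: 0 and *out set on success, -1 on zero, overflow or over-cap. */
static int pixel_bytes_checked(const struct img_hdr *h, size_t *out) {
    uint64_t row, total;
    if (!h->width || !h->height || !h->bytes_per_pixel) return -1;
    row = (uint64_t)h->width * h->bytes_per_pixel;  /* cannot exceed 64 bits */
    if (row > UINT64_MAX / h->height) return -1;    /* row * height would wrap */
    total = row * h->height;
    if (total > IMG_MAX_BYTES) return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate only when the size is known to be the true product. */
static void *alloc_pixels(const struct img_hdr *h, size_t *size) {
    return pixel_bytes_checked(h, size) == 0 ? malloc(*size) : NULL;
}

int main(void) {
    /* Constructed inputs: one ordinary image, one whose product exceeds 2^32. */
    struct img_hdr ok = {640, 480, 3}, bad = {65536, 65537, 1};
    size_t n = 0;
    void *p = alloc_pixels(&ok, &n);
    printf("ok:  unchecked=%u checked=%zu\n", (unsigned)pixel_bytes_unchecked(&ok), n);
    printf("bad: unchecked=%u alloc=%s\n", (unsigned)pixel_bytes_unchecked(&bad),
           alloc_pixels(&bad, &n) ? "granted" : "refused");
    free(p);
    return 0;
}
```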