====================================================================
                           CERT-Renater

                Information Note No. 2012/VULN312
____________________________________________________________________

DATE                 : 02/08/2012

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running LibreOffice versions prior to
                       3.5.5, 3.6.0.

====================================================================
http://www.libreoffice.org/advisories/CVE-2012-2665/
____________________________________________________________________

CVE-2012-2665

Title:     CVE-2012-2665: Multiple heap-based buffer overflows in the
           XML manifest encryption handling code
Announced: August 01 2012
Fixed in:  LibreOffice 3.5.5/3.6.0

Description:

Multiple heap-based buffer overflow flaws were found in the XML
manifest encryption tag parsing code of LibreOffice. An attacker
could create a specially-crafted file in the Open Document Format
for Office Applications (ODF) format which, when opened, could cause
arbitrary code execution.

Thanks to Timo Warns of PRE-CERT for reporting this flaw.

Users are recommended to upgrade to 3.5.5 or 3.6.0 to avoid this
flaw.

References:

CVE-2012-2665

====================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================