PROBLEM:
OpenOffice.org Two Vulnerabilities
PLATFORM:
OpenOffice.org 3.3. Other versions may also be affected.
ABSTRACT:
Two vulnerabilities have been reported in OpenOffice.org, which can be exploited by malicious people to compromise a user's system.
REFERENCE LINKS:
Secunia Advisory SA46992
CVE-2012-1149
CVE-2012-2149
IMPACT ASSESSMENT:
High
Discussion:
1) An integer overflow error in the vclmi.dll module when allocating memory for an embedded image object can be exploited to cause a heap-based buffer overflow, e.g. via a specially crafted JPEG object within a DOC file.
2) An error within libwpd when parsing WordPerfect documents can be exploited to overwrite arbitrary memory via a specially crafted WordPerfect WPD-format document.
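The bug class in item 1, shown as an added example (not OpenOffice.org code and not taken from the advisory): an allocation size derived from image-header dimensions, computed unchecked and then with overflow checks. The function names, the 256 MiB cap and the sample dimensions are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on a decoded image buffer (hypothetical value). */
#define IMAGE_MAX_BYTES ((size_t)256 * 1024 * 1024)

/* Unchecked form: the product is computed in 32 bits and silently wraps,
   so the result can be far smaller than the pixel data written later. */
static uint32_t image_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: divide-before-multiply so no intermediate value can wrap.
   Returns 0 and stores the size in *out, or -1 if the size is zero or
   would exceed max_bytes. */
static int image_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                              size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if ((size_t)width > max_bytes / height)
        return -1;                      /* width * height would exceed cap */
    size_t pixels = (size_t)width * height;
    if (pixels > max_bytes / bpp)
        return -1;                      /* pixels * bpp would exceed cap */
    *out = pixels * bpp;
    return 0;
}

/* Allocate only after the size has been validated; NULL means "reject file". */
static void *image_alloc(uint32_t width, uint32_t height, uint32_t bpp, size_t *size)
{
    if (image_size_checked(width, height, bpp, IMAGE_MAX_BYTES, size) != 0)
        return NULL;
    return malloc(*size);
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: true size is about 4 GiB, wrapped size is 256 KiB. */
    printf("unchecked: %u bytes\n", (unsigned)image_size_unchecked(0x4001u, 0x10000u, 4u));
    void *p = image_alloc(0x4001u, 0x10000u, 4u, &n);
    printf("checked:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```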
Impact:
Successful exploitation of the vulnerabilities may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.
Solution:
The vendor has issued an update, version 3.4.