CVE-2013-2189
OpenOffice DOC Memory Corruption Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
     Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
     Predecessor versions of OpenOffice.org may be also affected.

Description:

     The vulnerability is caused by operating on invalid PLCF (Plex of
Character Positions in File) data when parsing a malformed DOC document
file. Specially crafted documents can be used for denial-of-service
attacks. Further exploits are possible but have not been verified.

Mitigation:

     Apache OpenOffice 3.4 users are advised to upgrade to Apache
OpenOffice 4.0. Users who are unable to upgrade immediately should be
cautious when opening untrusted documents.

Credits:

     The Apache OpenOffice Security Team credits Jeremy Brown of
Microsoft Vulnerability Research as the discoverer of this flaw.

Herbert Drr
Member of the Apache OpenOffice Security Team