OpenOffice DOC Memory Corruption

2013.07.29

Credit: Herbert Durr

Risk: High

Local: Yes

Remote: No

CVE: CVE-2013-2189

CWE: N/A

Ogólna skala CVSS: 6.8/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 8.6/10

Wymagany dostęp: Zdalny

Złożoność ataku: Średnia

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

CVE-2013-2189
OpenOffice DOC Memory Corruption Vulnerability

Severity: Important
Vendor: The Apache Software Foundation

Versions Affected:
     Apache OpenOffice 3.4.0 to 3.4.1 on all platforms.
     Predecessor versions of OpenOffice.org may be also affected.

Description:

     The vulnerability is caused by operating on invalid PLCF (Plex of
Character Positions in File) data when parsing a malformed DOC document
file. Specially crafted documents can be used for denial-of-service
attacks. Further exploits are possible but have not been verified.

Mitigation:

     Apache OpenOffice 3.4 users are advised to upgrade to Apache
OpenOffice 4.0. Users who are unable to upgrade immediately should be
cautious when opening untrusted documents.

Credits:

     The Apache OpenOffice Security Team credits Jeremy Brown of
Microsoft Vulnerability Research as the discoverer of this flaw.

Herbert Drr
Member of the Apache OpenOffice Security Team

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OpenOffice DOC Memory Corruption

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.