CVE-2013-2189 OpenOffice DOC Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 to 3.4.1 on all platforms. Predecessor versions of OpenOffice.org may be also affected. Description: The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Mitigation: Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents. Credits: The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw. Herbert Drr Member of the Apache OpenOffice Security Team