CERT-In Vulnerability Note CIVN-2008-49
Multiple Remote Code Execution Vulnerabilities in OpenOffice.org
Original Issue Date:
May 01, 2008
Severity Rating:
High
System Affected
• OpenOffice.org prior to 2.4
Overview
Multiple vulnerabilities have been reported in OpenOffice.org. These vulnerabilities could be exploited by a remote attacker to execute arbitrary code and take control of the vulnerable system.
Description
1. OpenOffice.org QPRO Multiple Heap Overflow Vulnerabilities
(CVE-2007-5745, CVE-2007-5747)
OpenOffice is an open-source desktop office suite for many of today's popular operating systems. One of the file formats that OpenOffice supports is Quattro Pro (QPRO). This format is used by Corel's QuattroPro spreadsheet application.
Multiple heap-based buffer-overflow vulnerabilities arise when the application handles specially crafted Quattro Pro files. First, buffer-overflow issues can occur when parsing the file's 'Attribute' and 'Font Description' records. Attackers can trigger these issues by inserting more than 256 records. Second, a loop counter parsed from the QPRO file isn't properly checked for underflow conditions as it decrements.
An attacker could exploit this vulnerability by creating a Quattro Pro file with specially crafted attribute and font description records and enticing a user to open the file. Opening this file may cause a heap overflow and allow a remote attacker to execute arbitrary code with the privileges of the logged-in user.
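The two missing checks described above (a cap on entries in a fixed 256-slot table, and a guard before decrementing a counter read from the file) are shown in the added example below. It is not OpenOffice.org code: the record layout, the `REC_FONT` type value, and the names `parse_records` and `build_sample` are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_FONTS 256   /* fixed table capacity, matching the 256 limit above */
#define REC_FONT  0x01  /* constructed record type, not the real QPRO id */

typedef struct { uint8_t name[32]; } font_rec;
typedef struct { font_rec fonts[MAX_FONTS]; size_t nfonts; } sheet;

/* Hypothetical layout: [u16 LE remaining][records...],
 * each record = [u8 type][u8 len][payload]. Returns 0 or -1 (malformed). */
int parse_records(const uint8_t *buf, size_t n, sheet *out)
{
    if (n < 2) return -1;
    size_t remaining = (size_t)buf[0] | ((size_t)buf[1] << 8); /* from file */
    size_t pos = 2;
    out->nfonts = 0;

    while (remaining > 0) {
        if (n - pos < 2) return -1;            /* record header must fit */
        uint8_t type = buf[pos], len = buf[pos + 1];
        size_t rec = 2u + len;
        if (rec > n - pos) return -1;          /* payload must fit in input */
        if (rec > remaining) return -1;        /* would underflow the counter */

        if (type == REC_FONT) {
            font_rec *slot;
            if (out->nfonts >= MAX_FONTS) return -1;  /* 257th record rejected */
            if (len > sizeof out->fonts[0].name) return -1;
            slot = &out->fonts[out->nfonts++];
            memset(slot->name, 0, sizeof slot->name);
            memcpy(slot->name, buf + pos + 2, len);
        }
        pos += rec;
        remaining -= rec;                      /* safe: rec <= remaining */
    }
    return 0;
}

/* Constructed sample: `count` empty font records with a matching counter. */
size_t build_sample(uint8_t *buf, size_t count)
{
    size_t total = count * 2;
    buf[0] = (uint8_t)(total & 0xff);
    buf[1] = (uint8_t)(total >> 8);
    for (size_t i = 0; i < count; i++) { buf[2 + 2 * i] = REC_FONT; buf[3 + 2 * i] = 0; }
    return 2 + total;
}
```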
2. OpenOffice.org Heap-Based Buffer Overflow Vulnerability
(CVE-2008-0320)
Object Linking and Embedding (OLE) is a proprietary binary file format developed by Microsoft. OLE is used for Office files such as PowerPoint (PPT), Excel (XLS), and Word (DOC).
A heap-based buffer overflow can occur when the application parses specially crafted OLE files. This issue arises when the importer for OLE files parses the 'DocumentSummaryInformation' stream and fails to adequately verify the size of a destination buffer before copying attacker-supplied information into it.
Remote attackers can exploit these issues by enticing victims into opening maliciously crafted files. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.
Solution
Update OpenOffice.org to Version 2.4.
Vendor Information
OpenOffice
http://www.openoffice.org/security/cves/CVE-2007-5745.html
http://www.openoffice.org/security/cves/CVE-2008-0320.html
References
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=691
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=693
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=694
AusCERT
http://www.auscert.org.au/render.html?it=9144
FrSIRT
http://www.frsirt.com/english/advisories/2008/1253/references
Secunia
http://secunia.com/advisories/29852
Security Focus
http://www.securityfocus.com/bid/28819
CVE Name
CVE-2007-5745
CVE-2007-5747
CVE-2008-0320
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
