content/security/cves/CVE-2007-4770.html - openoffice-org - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

 <html>
 <head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

   <title>CVE-2007-4770/4771</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>
 </head>

 <body>
   <h2>CVE-2007-4770/4771</h2>

   <h3>Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution</h3>

   <ul>
     <li><strong>Synopsis:</strong>Manipulated ODF text documents containing
     XForms can lead to heap overflows and arbitrary code execution</li>

     <li><strong>State:</strong> Resolved</li>
   </ul>

   <h4>1. Impact</h4>

   <p>A security vulnerability with the way OpenOffice.org 2 processes ODF
   text documents with XForms, using the 3rd party library ICU, may allow a
   remote unprivileged user who provides a OpenOffice.org document that is
   opened by a local user to execute arbitrary commands on the system with the
   privileges of the user running OpenOffice.org. No working exploit is known
   right now.</p>

   <h4>2. Affected releases</h4>

   <p>All versions prior to OpenOffice.org 2.4</p>

   <h4>3. Symptoms</h4>

   <p>There are no predictable symptoms that would indicate this issue has
   occurred</p>

   <h4>4. Relief/Workaround</h4>

   <p>There is no workaround. See "Resolution" below.</p>

   <h4>5. Resolution</h4>

   <p>This issue is addressed in the following release:</p>

   <p><strong>OpenOffice.org 2.4</strong></p>
   <hr>

   <p><a href="//security/">Security Home</a> -&gt;
   <a href="//security/bulletin.html">Bulletin</a>
   -&gt; <a href=
   "//security/cves/CVE-2007-4770.html">CVE-2007-4770/4771</a></p>

 </body>
 </html>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
	"http://www.w3.org/TR/html4/loose.dtd">

	<html>
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

	<title>CVE-2007-4770/4771</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>
	</head>

	<body>
	<h2>CVE-2007-4770/4771</h2>

	<h3>Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution</h3>

	<ul>
	<li><strong>Synopsis:</strong>Manipulated ODF text documents containing
	XForms can lead to heap overflows and arbitrary code execution</li>

	<li><strong>State:</strong> Resolved</li>
	</ul>

	<h4>1. Impact</h4>

	<p>A security vulnerability with the way OpenOffice.org 2 processes ODF
	text documents with XForms, using the 3rd party library ICU, may allow a
	remote unprivileged user who provides a OpenOffice.org document that is
	opened by a local user to execute arbitrary commands on the system with the
	privileges of the user running OpenOffice.org. No working exploit is known
	right now.</p>

	<h4>2. Affected releases</h4>

	<p>All versions prior to OpenOffice.org 2.4</p>

	<h4>3. Symptoms</h4>

	<p>There are no predictable symptoms that would indicate this issue has
	occurred</p>

	<h4>4. Relief/Workaround</h4>

	<p>There is no workaround. See "Resolution" below.</p>

	<h4>5. Resolution</h4>

	<p>This issue is addressed in the following release:</p>

	<p><strong>OpenOffice.org 2.4</strong></p>
	<hr>

	<p><a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a>
	-> <a href=
	"//security/cves/CVE-2007-4770.html">CVE-2007-4770/4771</a></p>

	</body>
	</html>