| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" |
| "http://www.w3.org/TR/html4/loose.dtd"> |
| |
| <html> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> |
| |
| <title>CVE-2008-0320</title> |
| <style type="text/css"> |
| /*<![CDATA[*/ |
| hr { display: block } |
| /*]]>*/ |
| </style> |
| |
| </head> |
| |
| <body> |
| <h2>CVE-2008-0320</h2> |
| |
| <h3>Manipulated OLE files can lead to heap overflows and arbitrary code |
| execution</h3> |
| |
| <ul> |
| <li><strong>Synopsis:</strong>Manipulated OLE files can lead to heap |
| overflows and arbitrary code execution</li> |
| |
| <li><strong>State:</strong> Resolved</li> |
| </ul> |
| |
| <h4>1. Impact</h4> |
| |
| <p>A security vulnerability with the way OpenOffice.org 1.1 and 2 process |
| OLE files may allow a remote unprivileged user who provides a |
| OpenOffice.org document that is opened by a local user to execute arbitrary |
| commands on the system with the privileges of the user running |
| OpenOffice.org. No working exploit is known right now.</p> |
| |
| <h4>2. Affected releases</h4> |
| |
| <p>All versions prior to OpenOffice.org 2.4</p> |
| |
| <h4>3. Symptoms</h4> |
| |
| <p>There are no predictable symptoms that would indicate this issue has |
| occurred</p> |
| |
| <h4>4. Relief/Workaround</h4> |
| |
| <p>There is no workaround. See "Resolution" below.</p> |
| |
| <h4>5. Resolution</h4> |
| |
| <p>This issue is addressed in the following release:</p> |
| |
| <p><strong>OpenOffice.org 2.4</strong></p> |
| <hr> |
| |
| <p><a href="//security/">Security Home</a> -> |
| <a href="//security/bulletin.html">Bulletin</a> |
| -> <a href= |
| "//security/cves/CVE-2008-0320.html">CVE-2008-0320</a></p> |
| |
| <h4>6. Comments</h4> |
| |
| <p>OpenOffice.org acknowledges with thanks, an anonymous researcher |
| working with the <a href="http://labs.idefense.com/vcp/">iDefense |
| VCP</a>.</p> |
| </body> |
| </html> |