content/security/cves/CVE-2009-0200-0201.html - openoffice-org - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
   <title>CVE-2009-0200 / CVE-2009-0201</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>
 </head>

 <body>
   <h2><a href=
   "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0200">CVE-2009-0200</a>
   / <a href=
   "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0201">CVE-2009-0201</a></h2>

   <h3>Manipulated Word documents can lead to heap overflows and arbitrary
   code execution</h3>

   <ul>
     <li><strong>Synopsis:</strong> Manipulated WMF files can lead to heap
     overflows and arbitrary code execution</li>

     <li><strong>State:</strong> Resolved</li>
   </ul>

   <h4>1. Impact</h4>

   <p>A security vulnerability with the way OpenOffice.org processes Word
   documents may allow a remote unprivileged user who provides a Word document
   that is opened by a local user to execute arbitrary commands on the system
   with the privileges of the user running OpenOffice.org.<br />
   No working exploit is known right now.</p>

   <h4>2. Affected releases</h4>

   <ul>
     <li>All versions of OpenOffice.org 3 prior to version 3.1.1</li>

     <li>All versions of OpenOffice.org 2 prior to version 2.4.3</li>

     <li>All versions of OpenOffice.org 1</li>
   </ul>

   <h4>3. Symptoms</h4>

   <p>There are no predictable symptoms that would indicate this issue has
   occurred.</p>

   <h4>4. Relief/Workaround</h4>

   <p>There is no workaround. See "Resolution" below.</p>

   <h4>5. Resolution</h4>

   <p>This issue is addressed in the following releases:</p>

   <ul>
     <li><strong>OpenOffice.org 3.1.1</strong></li>

     <li><strong>OpenOffice.org 2.4.3</strong></li>
   </ul>

   <h4>6. Comments</h4>

   <p>OpenOffice.org acknowledges with thanks, Dyon Balding of <a href=
   "http://secunia.com/secunia_research/">Secunia Research</a>.</p>
   <hr />

   <p><a href="//security/">Security Home</a> -&gt;
   <a href="//security/bulletin.html">Bulletin</a>
   -&gt; <a href=
   "//security/cves/CVE-2009-0200-0201.html">CVE-2009-0200
   / CVE-2009-0201</a></p>
 </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://www.w3.org/2005/10/profile">
	<title>CVE-2009-0200 / CVE-2009-0201</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>
	</head>

	<body>
	<h2><a href=
	"http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0200">CVE-2009-0200</a>
	/ <a href=
	"http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0201">CVE-2009-0201</a></h2>

	<h3>Manipulated Word documents can lead to heap overflows and arbitrary
	code execution</h3>

	<ul>
	<li><strong>Synopsis:</strong> Manipulated WMF files can lead to heap
	overflows and arbitrary code execution</li>

	<li><strong>State:</strong> Resolved</li>
	</ul>

	<h4>1. Impact</h4>

	<p>A security vulnerability with the way OpenOffice.org processes Word
	documents may allow a remote unprivileged user who provides a Word document
	that is opened by a local user to execute arbitrary commands on the system
	with the privileges of the user running OpenOffice.org.<br />
	No working exploit is known right now.</p>

	<h4>2. Affected releases</h4>

	<ul>
	<li>All versions of OpenOffice.org 3 prior to version 3.1.1</li>

	<li>All versions of OpenOffice.org 2 prior to version 2.4.3</li>

	<li>All versions of OpenOffice.org 1</li>
	</ul>

	<h4>3. Symptoms</h4>

	<p>There are no predictable symptoms that would indicate this issue has
	occurred.</p>

	<h4>4. Relief/Workaround</h4>

	<p>There is no workaround. See "Resolution" below.</p>

	<h4>5. Resolution</h4>

	<p>This issue is addressed in the following releases:</p>

	<ul>
	<li><strong>OpenOffice.org 3.1.1</strong></li>

	<li><strong>OpenOffice.org 2.4.3</strong></li>
	</ul>

	<h4>6. Comments</h4>

	<p>OpenOffice.org acknowledges with thanks, Dyon Balding of <a href=
	"http://secunia.com/secunia_research/">Secunia Research</a>.</p>
	<hr />

	<p><a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a>
	-> <a href=
	"//security/cves/CVE-2009-0200-0201.html">CVE-2009-0200
	/ CVE-2009-0201</a></p>
	</body>
	</html>