| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head profile="http://www.w3.org/2005/10/profile"> |
| <title>CVE-2009-2414 / CVE-2009-2416</title> |
| <style type="text/css"> |
| /*<![CDATA[*/ |
| hr { display: block } |
| /*]]>*/ |
| </style> |
| </head> |
| |
| <body> |
| <h2><a href= |
| "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2414">CVE-2009-2414</a> |
| / <a href= |
| "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2416">CVE-2009-2416</a></h2> |
| |
| <h3>Manipulated XML documents can lead to arbitrary code execution</h3> |
| |
| <ul> |
| <li><strong>Synopsis:</strong> Manipulated XML documents can lead to |
| arbitrary code execution</li> |
| |
| <li><strong>State:</strong> Resolved</li> |
| </ul> |
| |
| <h4>1. Impact</h4> |
| |
| <p>A security vulnerability in OpenOffice.org, related to XML document |
| processing, may allow a remote unprivileged user to execute arbitrary code |
| on the system with the privileges of a local user running OpenOffice.org, |
| if the local user opens crafted XML documents provided by the remote user. |
| These XML documents may also include documents in the OpenDocument format |
| (ODF), the default format used by OpenOffice.org.<br /> |
| No working exploit is known right now.</p> |
| |
| <h4>2. Affected releases</h4> |
| |
| <ul> |
| <li>All versions of OpenOffice.org 3 prior to version 3.1.1</li> |
| |
| <li>All versions of OpenOffice.org 2 prior to version 2.4.3</li> |
| </ul> |
| |
| <p>Note: OpenOffice.org 1 is not impacted by this issue.</p> |
| |
| <h4>3. Symptoms</h4> |
| |
| <p>There are no predictable symptoms that would indicate this issue has |
| occurred.</p> |
| |
| <h4>4. Relief/Workaround</h4> |
| |
| <p>To work around the described issues, do not load documents from untrusted |
| sources. See "Resolution" below.</p> |
| |
| <h4>5. Resolution</h4> |
| |
| <p>This issue is addressed in the following releases:</p> |
| |
| <ul> |
| <li><strong>OpenOffice.org 3.1.1</strong></li> |
| |
| <li><strong>OpenOffice.org 2.4.3</strong></li> |
| </ul> |
| |
| <h4>6. Comments</h4> |
| |
| <p>None</p> |
| </body> |
| </html> |