content/security/cves/CVE-2009-2493.html - openoffice-org - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
   <title>CVE-2009-2493</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>
 </head>

 <body>
   <h2><a href=
   "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2493">CVE-2009-2493</a></h2>

   <h3>OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC
   Runtime</h3>

   <ul>
     <li><strong>Synopsis:</strong> OpenOffice.org 3 for Windows includes a
     vulnerable version of the MSVC Runtime, see <a href=
     "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2493">CVE-2009-2493</a>
     for details.</li>

     <li><strong>State:</strong> Resolved</li>
   </ul>

   <h4>1. Impact</h4>

   <p>OpenOffice.org 3 for Windows ships with a vulnerable version of the MSVC
   Runtime, <a href=
   "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2493">CVE-2009-2493</a>
   for details. OpenOffice.org is not affected by the security issue, but
   centrally installs the vulnerable MSVC Runtime if it didn't exist on the
   system before. The vulnerable version should be updated automatically by
   the monthly Windows updates, but newer versions of OpenOffice.org also come
   with the updated MSVC Runtime.</p>

   <h4>2. Affected releases</h4>

   <ul>
     <li>All versions of OpenOffice.org 3 for Windows prior to version
     3.2</li>
   </ul>

   <p>Note: OpenOffice.org 2 and OpenOffice.org 1.1 are not impacted by this
   issue.</p>

   <h4>3. Symptoms</h4>

   <p>There are no predictable symptoms that would indicate this issue has
   occurred.</p>

   <h4>4. Relief/Workaround</h4>

   <p>None.</p>

   <h4>5. Resolution</h4>

   <p>This issue is addressed in the following release: <strong>OpenOffice.org
   3.2</strong></p><!--
   <h4>6. Comments</h4>

   <p>OpenOffice.org acknowledges with thanks Sebastian Apelt from <a href=
   "http://siberas.com/">siberas</a></p>
 -->
   <hr />

   <p><a href="//security/">Security Home</a> -&gt;
   <a href="//security/bulletin.html">Bulletin</a>
   -&gt; <a href=
   "//security/cves/CVE-2009-2493.html">CVE-2009-2493</a></p>
 </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://www.w3.org/2005/10/profile">
	<title>CVE-2009-2493</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>
	</head>

	<body>
	<h2><a href=
	"http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2493">CVE-2009-2493</a></h2>

	<h3>OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC
	Runtime</h3>

	<ul>
	<li><strong>Synopsis:</strong> OpenOffice.org 3 for Windows includes a
	vulnerable version of the MSVC Runtime, see <a href=
	"http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2493">CVE-2009-2493</a>
	for details.</li>

	<li><strong>State:</strong> Resolved</li>
	</ul>

	<h4>1. Impact</h4>

	<p>OpenOffice.org 3 for Windows ships with a vulnerable version of the MSVC
	Runtime, <a href=
	"http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2493">CVE-2009-2493</a>
	for details. OpenOffice.org is not affected by the security issue, but
	centrally installs the vulnerable MSVC Runtime if it didn't exist on the
	system before. The vulnerable version should be updated automatically by
	the monthly Windows updates, but newer versions of OpenOffice.org also come
	with the updated MSVC Runtime.</p>

	<h4>2. Affected releases</h4>

	<ul>
	<li>All versions of OpenOffice.org 3 for Windows prior to version
	3.2</li>
	</ul>

	<p>Note: OpenOffice.org 2 and OpenOffice.org 1.1 are not impacted by this
	issue.</p>

	<h4>3. Symptoms</h4>

	<p>There are no predictable symptoms that would indicate this issue has
	occurred.</p>

	<h4>4. Relief/Workaround</h4>

	<p>None.</p>

	<h4>5. Resolution</h4>

	<p>This issue is addressed in the following release: <strong>OpenOffice.org
	3.2</strong></p><!--
	<h4>6. Comments</h4>

	<p>OpenOffice.org acknowledges with thanks Sebastian Apelt from <a href=
	"http://siberas.com/">siberas</a></p>
	-->
	<hr />

	<p><a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a>
	-> <a href=
	"//security/cves/CVE-2009-2493.html">CVE-2009-2493</a></p>
	</body>
	</html>