content/security/cves/CVE-2009-2949.html - openoffice-org - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
   <title>CVE-2009-2949</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>
 </head>

 <body>
   <h2><a href=
   "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2949">CVE-2009-2949</a></h2>

   <h3>Security Vulnerability in OpenOffice.org related to XPM file
   processing</h3>

   <ul>
     <li><strong>Synopsis:</strong> Security Vulnerability in OpenOffice.org
     related to XPM file processing may lead to arbitrary code execution</li>

     <li><strong>State:</strong> Resolved</li>
   </ul>

   <h4>1. Impact</h4>

   <p>A security vulnerability in OpenOffice.org, related to XPM file
   processing, may allow a remote unprivileged user to execute arbitrary code
   on the system with the privileges of a local user running OpenOffice.org,
   if the local user opens a crafted XPM file provided by the remote user. XPM
   files can also be embedded in different kind of documents, including
   documents in the OpenDocument Format (ODF), the default format used by
   OpenOffice.org.</p>

   <h4>2. Affected releases</h4>

   <p>All versions of OpenOffice.org prior to version 3.2</p>

   <h4>3. Symptoms</h4>

   <p>There are no predictable symptoms that would indicate this issue has
   occurred.</p>

   <h4>4. Relief/Workaround</h4>

   <p>To workaround the described issue, do not load documents from untrusted
   sources.</p>

   <h4>5. Resolution</h4>

   <p>This issue is addressed in the following release: <strong>OpenOffice.org
   3.2</strong></p>

   <h4>6. Comments</h4>

   <p>OpenOffice.org acknowledges with thanks Sebastian Apelt from <a href=
   "http://siberas.com/">siberas</a></p>
   <hr />

   <p><a href="//security/">Security Home</a> -&gt;
   <a href="//security/bulletin.html">Bulletin</a>
   -&gt; <a href=
   "//security/cves/CVE-2009-2949.html">CVE-2009-2949</a></p>
 </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://www.w3.org/2005/10/profile">
	<title>CVE-2009-2949</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>
	</head>

	<body>
	<h2><a href=
	"http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2949">CVE-2009-2949</a></h2>

	<h3>Security Vulnerability in OpenOffice.org related to XPM file
	processing</h3>

	<ul>
	<li><strong>Synopsis:</strong> Security Vulnerability in OpenOffice.org
	related to XPM file processing may lead to arbitrary code execution</li>

	<li><strong>State:</strong> Resolved</li>
	</ul>

	<h4>1. Impact</h4>

	<p>A security vulnerability in OpenOffice.org, related to XPM file
	processing, may allow a remote unprivileged user to execute arbitrary code
	on the system with the privileges of a local user running OpenOffice.org,
	if the local user opens a crafted XPM file provided by the remote user. XPM
	files can also be embedded in different kind of documents, including
	documents in the OpenDocument Format (ODF), the default format used by
	OpenOffice.org.</p>

	<h4>2. Affected releases</h4>

	<p>All versions of OpenOffice.org prior to version 3.2</p>

	<h4>3. Symptoms</h4>

	<p>There are no predictable symptoms that would indicate this issue has
	occurred.</p>

	<h4>4. Relief/Workaround</h4>

	<p>To workaround the described issue, do not load documents from untrusted
	sources.</p>

	<h4>5. Resolution</h4>

	<p>This issue is addressed in the following release: <strong>OpenOffice.org
	3.2</strong></p>

	<h4>6. Comments</h4>

	<p>OpenOffice.org acknowledges with thanks Sebastian Apelt from <a href=
	"http://siberas.com/">siberas</a></p>
	<hr />

	<p><a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a>
	-> <a href=
	"//security/cves/CVE-2009-2949.html">CVE-2009-2949</a></p>
	</body>
	</html>