content/security/cves/CVE-2009-2950.html - openoffice-org - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
   <title>CVE-2009-2950</title>
   <style type="text/css">
 /*<![CDATA[*/
     hr { display: block }
   /*]]>*/
   </style>
 </head>

 <body>
   <h2><a href=
   "http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2950">CVE-2009-2950</a></h2>

   <h3>Security Vulnerability in OpenOffice.org related to GIF file
   processing</h3>

   <ul>
     <li><strong>Synopsis:</strong> Security Vulnerability in OpenOffice.org
     related to GIF file processing may lead to arbitrary code execution</li>

     <li><strong>State:</strong> Resolved</li>
   </ul>

   <h4>1. Impact</h4>

   <p>A security vulnerability in OpenOffice.org, related to GIF file
   processing, may allow a remote unprivileged user to execute arbitrary code
   on the system with the privileges of a local user running OpenOffice.org,
   if the local user opens a crafted GIF file provided by the remote user. GIF
   files can also be embedded in different kind of documents, including
   documents in the OpenDocument Format (ODF), the default format used by
   OpenOffice.org.</p>

   <h4>2. Affected releases</h4>

   <p>All versions of OpenOffice.org prior to version 3.2</p>

   <h4>3. Symptoms</h4>

   <p>There are no predictable symptoms that would indicate this issue has
   occurred.</p>

   <h4>4. Relief/Workaround</h4>

   <p>To workaround the described issue, do not load documents from untrusted
   sources.</p>

   <h4>5. Resolution</h4>

   <p>This issue is addressed in the following release: <strong>OpenOffice.org
   3.2</strong></p>

   <h4>6. Comments</h4>

   <p>OpenOffice.org acknowledges with thanks, Frank Rei&szlig;ner and Sebastian
   Apelt from <a href="http://siberas.com/">siberas</a></p>
   <hr />

   <p><a href="//security/">Security Home</a> -&gt;
   <a href="//security/bulletin.html">Bulletin</a>
   -&gt; <a href=
   "//security/cves/CVE-2009-2950.html">CVE-2009-2950</a></p>
 </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://www.w3.org/2005/10/profile">
	<title>CVE-2009-2950</title>
	<style type="text/css">
	/<![CDATA[/
	hr { display: block }
	/]]>/
	</style>
	</head>

	<body>
	<h2><a href=
	"http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2950">CVE-2009-2950</a></h2>

	<h3>Security Vulnerability in OpenOffice.org related to GIF file
	processing</h3>

	<ul>
	<li><strong>Synopsis:</strong> Security Vulnerability in OpenOffice.org
	related to GIF file processing may lead to arbitrary code execution</li>

	<li><strong>State:</strong> Resolved</li>
	</ul>

	<h4>1. Impact</h4>

	<p>A security vulnerability in OpenOffice.org, related to GIF file
	processing, may allow a remote unprivileged user to execute arbitrary code
	on the system with the privileges of a local user running OpenOffice.org,
	if the local user opens a crafted GIF file provided by the remote user. GIF
	files can also be embedded in different kind of documents, including
	documents in the OpenDocument Format (ODF), the default format used by
	OpenOffice.org.</p>

	<h4>2. Affected releases</h4>

	<p>All versions of OpenOffice.org prior to version 3.2</p>

	<h4>3. Symptoms</h4>

	<p>There are no predictable symptoms that would indicate this issue has
	occurred.</p>

	<h4>4. Relief/Workaround</h4>

	<p>To workaround the described issue, do not load documents from untrusted
	sources.</p>

	<h4>5. Resolution</h4>

	<p>This issue is addressed in the following release: <strong>OpenOffice.org
	3.2</strong></p>

	<h4>6. Comments</h4>

	<p>OpenOffice.org acknowledges with thanks, Frank Reißner and Sebastian
	Apelt from <a href="http://siberas.com/">siberas</a></p>
	<hr />

	<p><a href="//security/">Security Home</a> ->
	<a href="//security/bulletin.html">Bulletin</a>
	-> <a href=
	"//security/cves/CVE-2009-2950.html">CVE-2009-2950</a></p>
	</body>
	</html>