| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head profile="http://www.w3.org/2005/10/profile"> |
| <title>CVE-2010-2935</title> |
| <style type="text/css"></style> |
| </head> |
| |
| <body> |
| <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2935">CVE-2010-2935</a> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2936">CVE-2010-2936</a></h2> |
| |
| <h3> |
| Security Vulnerability in OpenOffice.org related to PowerPoint document processing |
| </h3> |
| |
| <ul> |
| <li><strong>Synopsis:</strong> |
| A security vulnerability in OpenOffice.org, related to PowerPoint document processing, may lead to arbitrary code execution. |
| </li> |
| <li><strong>State:</strong> Resolved</li> |
| </ul> |
| |
| <h4>1. Impact</h4> |
| |
| <p> |
| A security vulnerability in OpenOffice.org, related to PowerPoint document processing, may allow a remote unprivileged user to execute arbitrary code on the system with the privileges of a local user running OpenOffice.org, if the local user opens a crafted PowerPoint document provided by the remote user. |
| </p> |
| |
| <h4>2. Affected releases</h4> |
| |
| <ul> |
| <li>All versions of OpenOffice.org 3 prior to version 3.3</li> |
| <li>All versions of OpenOffice.org 2</li> |
| </ul> |
| |
| <p>Note: Earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue.</p> |
| |
| <h4>3. Symptoms</h4> |
| |
| <p>There are no predictable symptoms that would indicate this issue has |
| occurred.</p> |
| |
| <h4>4. Relief/Workaround</h4> |
| |
| <p> |
| To workaround the described issue, do not load documents from untrusted sources. |
| </p> |
| |
| <h4>5. Resolution</h4> |
| |
| <p>This issue is addressed in the following release: <strong>OpenOffice.org 3.3</strong></p> |
| |
| |
| <hr /> |
| |
| <p><a href="//security/">Security Home</a> -> <a href="//security/bulletin.html">Bulletin</a> -> |
| <a href="//security/cves/CVE-2010-2935_CVE-2010-2936.html">CVE-2010-2935_CVE-2010-2936</a></p> |
| </body> |
| </html> |