content/security/cves/CVE-2012-2665.html - openoffice-org - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 <html xmlns="http://www.w3.org/1999/xhtml">
 <head profile="http://www.w3.org/2005/10/profile">
   <title>CVE-2012-2665</title>
   <style type="text/css"></style>
 </head>

 <body>
   <h2><a
       href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2665">CVE-2012-2665</a></h2>

   <h3> Manifest-processing errors in Apache OpenOffice 3.4.0
   </h3>

     <ul>

         <h4>Severity: Important</h4>

         <h4>Vendor: The Apache Software Foundation</h4>

         <h4>Versions Affected:</h4>
                                  <ul>
                                      <li>Apache OpenOffice 3.4.0, all languages,
                                          all platforms.</li>
                                      <li>Earlier versions of OpenOffice.org may
                                          be also affected.</li>
                                  </ul>


 <h4>Description:</h4>
 <p> Description: When OpenOffice reads an ODF document, it first loads and
     processes an XML stream within the file called the manifest.  Apache
     OpenOffice 3.4.0 has logic errors that allows a carefully crafted manifest
     to cause reads and writes beyond allocated buffers.</p>
         <p>
         No specific exploit has been demonstrated
     in this case, though such flaws generally are conducive to exploitation,
     possibly including denial of service and elevation of privilege.
     </p>

         <h4>Mitigation</h4>
         <p>OpenOffice users are advised to <a
 href="https://www.openoffice.org/download">upgrade to Apache OpenOffice
 3.4.1</a>. Users who are unable
 to upgrade immediately should exercise caution when opening untrusted ODF
 documents.</p>

 <h4>Credits</h4>

 <p>The Apache OpenOffice Security Team acknowledges Timo Warns of PRESENSE
     Technologies GmbH as the discoverer of these flaws.</p>

   <hr />

   <p><a href="http://security.openoffice.org">Security Home</a> -&gt; <a href="../bulletin.html">Bulletin</a> -&gt;
   <a href="CVE-2012-2665.html">CVE-2012-2665</a></p>
 </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

	<html xmlns="http://www.w3.org/1999/xhtml">
	<head profile="http://www.w3.org/2005/10/profile">
	<title>CVE-2012-2665</title>
	<style type="text/css"></style>
	</head>

	<body>
	<h2><a
	href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2665">CVE-2012-2665</a></h2>

	<h3> Manifest-processing errors in Apache OpenOffice 3.4.0
	</h3>

	<ul>

	<h4>Severity: Important</h4>

	<h4>Vendor: The Apache Software Foundation</h4>

	<h4>Versions Affected:</h4>
	<ul>
	<li>Apache OpenOffice 3.4.0, all languages,
	all platforms.</li>
	<li>Earlier versions of OpenOffice.org may
	be also affected.</li>
	</ul>


	<h4>Description:</h4>
	<p> Description: When OpenOffice reads an ODF document, it first loads and
	processes an XML stream within the file called the manifest. Apache
	OpenOffice 3.4.0 has logic errors that allows a carefully crafted manifest
	to cause reads and writes beyond allocated buffers.</p>
	<p>
	No specific exploit has been demonstrated
	in this case, though such flaws generally are conducive to exploitation,
	possibly including denial of service and elevation of privilege.
	</p>

	<h4>Mitigation</h4>
	<p>OpenOffice users are advised to <a
	href="https://www.openoffice.org/download">upgrade to Apache OpenOffice
	3.4.1</a>. Users who are unable
	to upgrade immediately should exercise caution when opening untrusted ODF
	documents.</p>

	<h4>Credits</h4>

	<p>The Apache OpenOffice Security Team acknowledges Timo Warns of PRESENSE
	Technologies GmbH as the discoverer of these flaws.</p>

	<hr />

	<p><a href="http://security.openoffice.org">Security Home</a> -> <a href="../bulletin.html">Bulletin</a> ->
	<a href="CVE-2012-2665.html">CVE-2012-2665</a></p>
	</body>
	</html>